Notice of Privacy Practices
Updated July 1, 2020
THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
If you have any questions about this notice, please contact our Privacy Officer. Our Registration or Admissions staff will provide you with the contact information.
Who Will Follow This Notice
This notice describes our facility’s practices and that of any programs associated with UPMC Western Maryland. The privacy practices in this notice will be followed by:
- Any healthcare professional who treats you in any of our facilities or is authorized to enter information into your file or record;
- All employees, staff and other personnel at UPMC Western Maryland involved in treatment, payment, or facility operations; and
- Any business associate or partner of UPMC Western Maryland with whom we share health information.
Our Pledge Regarding Health Information
We understand that health information about you and your health is personal. We are committed to protecting health information about you. We create a record of the care and services you receive in our facility. We need this record to provide you with quality care and to comply with certain legal requirements. This notice applies to all of the records of your care.
This notice will tell you about the ways in which we may use and disclose health information about you. It also describes your rights and certain obligations we have regarding the use and disclosure of health information.
We are required by law to:
- Make sure that health information that identifies you is kept private;
- Give you this notice of our legal duties and privacy practices with respect to health information about you; and
- Follow the terms of the notice that is currently in effect.
This Notice of Privacy Practices describes how we may use and disclose your protected health information to carry out treatment, payment or healthcare operations and for other purposes that are permitted or required by law. It also describes your rights to access and control your protected health information. “Protected health information” is information about you, including demographic information that may identify you and that relates to your past, present or future physical or mental health or condition and related healthcare services.
How We May Use and Disclose Your Health Information
The following categories describe different ways that we use and disclose health information. Each category of uses or disclosures will be explained but not every use or disclosure in a category will be listed. However, all of the ways we are permitted to use and disclose information will fall within one of the categories.
For Treatment: We may use health information about you to provide you with health treatment or substance abuse services. Only the minimally necessary information will be revealed during any disclosures. We may disclose health information about you to doctors, nurses, technicians, physician assistants, nurse practitioners, Home Health Entities, Hospice Home Health Entities, Skilled Nursing Facilities, Long term care facilities, and other health system personnel who are involved in taking care of you. Different departments of our facility also may share health information about you in order to coordinate the different things you need, such as prescriptions, lab work or special diets. We also may disclose health information about you to people outside the facility who may be involved in your medical care after you leave the hospital, such as family members, clergy or others we use to provide services that are part of your care. When required to, we will obtain your authorization before disclosing any of your information. For example, your authorization is necessary for most uses and disclosures of psychotherapy notes.
For Payment: We may use and disclose health information about you so that the treatment and services you receive may be billed to and payment may be collected from you, an insurance company, or a third party. For example, we may need to give your health plan information about treatment you received so your health plan will pay us or reimburse you. We may also tell your health plan about a treatment that has been proposed for you to obtain prior approval or to determine if your plan will cover the treatment. If you pay for your services in full yourself, you can instruct us not to share information about your treatment with your health plan.
For Healthcare Operations: We may use and disclose health information about you for hospital operations. These uses and disclosures are necessary to run the hospital and make sure that all of our patients receive quality care. For example, we may use health information to review our treatment and services and evaluate the performance of our staff in caring for you. We may also disclose information to doctors, nurses, technicians, and other hospital personnel for review and learning purposes. We may also combine the health information we have with health information from other hospitals to compare how we are doing and see where we can make improvements in the care and services we offer. We may remove information that identifies you from this set of information so others may use it to study healthcare delivery without learning who the specific patients are.
Health Information Exchanges: We participate in the Chesapeake Regional Information System for our Patients (CRISP), a statewide Internet-based health information exchange. As permitted by law, your health information will be shared with this exchange in order to facilitate the secure exchange of your electronic health information between healthcare providers and other healthcare entities for your treatment, payment, or other healthcare operation purposes. You may opt out of CRISP and prevent providers from being able to search for your information through the exchange by completing and submitting an opt-out form to CRISP by mail, fax, or online. The opt-out form is available at www.crisphealth.org.
Appointment Reminders: We may also use and disclose health information to contact you as a reminder that you have an appointment or missed an appointment for treatment in order to reschedule.
Treatment Alternatives: We may use and disclose health information to tell you about or recommend possible treatment options or alternatives that may be of interest to you.
Health-Related Benefits and Services: We may use and disclose health information to tell you about health-related benefits or services that may be of interest to you for your care or case management. We will not use or disclose your health information for other marketing purposes without your authorization. We will not sell your health information without your permission.
Hospital Directory: We may include certain limited information about you in the hospital directory while you are a patient in the hospital. This information may include your name, location in the hospital, telephone number, and one word about your general condition (i.e. fair, good, etc.). The directory information may be released to people who ask for you by name so that family and friends can contact you. You have the right to request that this information is not listed in the hospital directory and we will withhold this information upon your request.
Fundraising Activities: We may use limited health information to contact you or have the WMHS Foundation contact you in an effort to raise money for the health system and its operations. We would only release contact information, such as name, address, phone number, and dates of service for this purpose. If you do not want us to contact you for fundraising efforts, you must notify the WMHS Foundation office in writing at P. O. Box 539, Cumberland, MD 21502.
Research: Under certain circumstances, we may use and disclose minimally necessary health information about you for research purposes. All research projects, however, are subject to a special approval process. Before we use or disclose protected health information for research, you must sign a research authorization form.
As Required By Law: We will disclose minimally necessary health information about you when required to do so by federal, state or local law.
To Avert A Serious Threat To Health Or Safety: We may use and disclose minimally necessary health information about you when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person. Any disclosure, however, would only be to someone able to help prevent the threat.
Organ & Tissue Donation: If you are an organ donor, we may release health information to organizations that handle organ procurement, transplantation, or donation as necessary to facilitate the process.
Military and Veterans: If you are a member of the armed forces, we may release health information about you as required by military command authorities.
Workers’ Compensation: We may release health information about you for workers’ compensation or similar programs. These programs provide benefits for work-related injuries or illness.
Public Health Risks: We may disclose health information about you for public health activities. These activities generally include the following:
- To prevent or control disease, injury or disability;
- To report births and deaths;
- To report child abuse or neglect;
- To report reaction to medication or problems with products;
- To notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition;
- To notify the appropriate government authority if we believe a patient has been the victim of domestic violence. We will only make this disclosure if you agree or when required or authorized by law.
Health Oversight Activities: We may disclose minimally necessary health information to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, and licensure. These activities are necessary for the government to monitor the healthcare system, government programs, and compliance with civil rights laws.
Lawsuits and Disputes: If you are involved in a lawsuit or a dispute, we may disclose minimally necessary health information about you in response to a proper court order or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.
Law Enforcement: We may release minimally necessary health information about you if asked to do so by a law enforcement official:
- In response to a proper court order or similar process;
- In response to a subpoena for a member of the UPMC Western Maryland staff;
- About criminal conduct involving our facility;
- And other situations as required by law and regulations.
Medical Examiners: We may also release necessary health information about you to a medical examiner. This may be necessary, for example, to identify a deceased person or to determine the cause of death.
Inmates: If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release health information about you to the correctional institution or law enforcement official. This release would be necessary (1) for the institution to provide you with healthcare; (2) to protect your health and safety or the health and safety of others; or (3) for the safety and security of the correctional institution.
Your Rights Regarding Health Information About You
You have the following rights regarding health information we maintain about you:
Right to Inspect and Copy: You have the right to inspect and request a copy of your medical records. This usually does not include psychotherapy notes. To inspect and request a copy of your medical records, you must submit your request to the UPMC Western Maryland Medical Records Department. You may also request an electronic copy of your records. If you request a copy of the information, we may charge a fee for the costs of retrieving, copying, mailing, and any other supplies associated with your request.
Right to Amend: If you feel that any of the health information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by our facility.
To request an amendment, your request must be made in writing and submitted to the UPMC Western Maryland Medical Records Department. In addition, you must provide a reason that supports your request.
We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that:
- Was not created by us, unless the person or entity that created the information is no longer available to make the amendment;
- Is not part of the health information kept by our facility;
- Is not part of the information which you would be permitted to inspect and copy; or
- Is accurate and complete.
Right to an Accounting of Disclosures: You have the right to request an “accounting of disclosures.” This is a list of the disclosures we have made of your health information. We are not required to account for routine disclosures, for example disclosures between UPMC Western Maryland staff regarding your care.
To request this accounting of disclosures, you must submit your request in writing to the UPMC Western Maryland Medical Records Department. Your request must state a time period that may not be longer than six years and may not include dates before April 14, 2003. The first accounting you request within a 12-month period will not include a cost for providing the disclosures list. For additional accountings, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.
Right to Request Confidential Communications: You have the right to request that we communicate with you about health matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail. To request confidential communications, you must make your request in writing to the UPMC Western Maryland Medical Records Department. We will not ask you the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.
Right To Know About a Breach: You have the right to be notified when a breach of your unsecured protected health information has occurred.
Right to a Copy of This Notice: You have the right to a copy of this notice. Copies are available in our admitting and registration areas, and a copy is posted at our website at www.UPMCwesternmaryland.com.
Right to Request Restrictions: Even though all disclosures we already make are minimally necessary, you have the right to request a restriction or limitation on the health information we use or disclose about you for treatment, payment or
healthcare operations. You also have the right to request a limit on the health information we disclose about you to someone who is involved in your care or the payment for your care. Finally, you have the right to request a restriction on the people who are able to obtain the information we disclose. However, we are not required to agree to your request. If we do agree, we will comply with your request unless the information is needed to provide you emergency treatment. To request a restriction or limitation, your request must be made in writing and submitted to the UPMC Western Maryland Medical Records Department.
Changes to This Notice
We reserve the right to change this notice. We reserve the right to make the revised or changed notice effective for health information we already have about you as well as any information we receive in the future. We will post a copy of the current notice in our facility in our Admitting Offices. This notice will contain the effective date. In addition, each time you are in our facility for treatment we will offer you a copy of the current notice in effect.
If you believe your privacy rights have been violated, you may file a complaint with our facility or with the Secretary of the Department of Health and Human Services. To file a complaint with our facility, contact the Patient Safety Officer at 240-964-2196 or the Compliance Officer at 240-964-8105. All complaints must be submitted in writing. You will not be penalized for filing a complaint.
Other Uses of Health Information
Other uses and disclosures of health information not covered by this notice or the laws that apply to us will be made only with your written permission. If you provide us permission to use or disclose health information about you, you may revoke that permission in writing at any time. If you revoke your permission, we will no longer use or disclose health information about you for the reasons covered by your written authorization. You understand that we are unable to take back any disclosures we have already made with your permission and that we are required to retain our records of the care that we have provided you.
Protection of Your Privacy
We respect the confidentiality of your relationship with your doctor and other caregivers, and the sensitive information about your health and health care are part of that relationship. State and federal laws and hospital operating policies protect the privacy of your medical information. Our Notice of Privacy Practices, which is included in this booklet, describes the ways that we can use, disclose, and safeguard patient information. It also explains how you can obtain a copy of information from our records about your care.
Notice of Privacy Practice: Your privacy is important to us and we are committed to protecting health information about you. We follow the Health Insurance Portability Accountability Act (HIPAA) privacy standards. A copy of the UPMC Western Maryland Patient Rights & Responsibilities booklet that includes the Notice of Privacy Practices is also available at the Nurses Station where you are a patient.