All medical and health information is confidential, recorded only in medical records. Medical records are secured, meeting all federal HIPPA regulations, for a period of 10 years.
University Of West Georgia
Notice of Privacy Practices
Effective Date: 04/14/03
If you have any questions about this notice please contact Tura Anthony R.N., contact person, privacy officer for health services.
This notice describes health service's procedures and that of any health care professional authorized to enter information into your medical chart including:
All departments and units of health services, any member of a volunteer group we allow to help while you are in our health services and all employees, staff and other health service's personnel.
Our Pledge Regarding Your Health Information:
We understand that information about you and your health is personal. We at Health Services are committed to protecting your health information. We create a record of the care and services you receive at Health Services as well as records regarding payment for those services. We need these records to provide you with quality care and to comply with certain legal requirements. This notice applies to all records of your care generated by our practice of the doctor and/or staff.
This notice will tell you about the ways in which we may use and disclose medical information about you. We also describe your rights and certain obligations we have regarding the use and disclosure of medical information.
We are required by law to:
Make sure that medical information that identifies you is kept private; give you this notice of our legal duties and privacy practices with respect to medical information about you; and follow the terms of the notice that is currently in effect.
How we may use and disclose health information about you.
The following categories describe different ways that we use and disclose health information. For each category of uses or disclosures we will explain what we mean and give some examples. Not every use or disclosure in a category will be listed. However, all of the ways we are permitted to use and disclose information will fall within one of the categories.
For Treatment. We may use health information about you to provide you medical treatment or services. We may disclose medical information about you to your doctors, nurses, technicians, medical students, or other personnel who are involved in taking care of you. Our health services also may share medical information about you in order to coordinate the different things you need, such as prescriptions and lab work.
For Payment. We may use and disclose health information about you so that the treatment and services you receive at health services may be billed, and that payment may be collected from you, an insurance company or another third party. For example, we may need to give your health information about services that you received at our health services so your health plan will pay us or reimburse you for the services. We may also tell your health plan about a treatment you are going to receive to obtain prior approval or to determine whether your plan will cover the treatment.
For Health Care Operations. We may use and disclose medical information about you for health care operations. These uses and disclosures are necessary to run our health services and to make sure that all patients receive quality care. For example, we may use medical information to review our treatment and services and to evaluate the performance of our staff in caring for you. We may also combine medical information about many of our patients to decide what additional services our Health Services should offer, what services are not needed, and whether certain new treatments are effective. We may also disclose information to doctors, nurses, technicians, medical students, and other health services personnel for review and learning purposes. We may also combine the medical information we have with medical information from other medical facilities to compare how we are doing and see where we can make improvements in the care and services we offer. We may remove information that identifies you from this set of medical information so others may use it to study health care delivery without learning who the specific patients are.
Treatment Alternatives. We may use and disclose medical information to tell you about or recommend possible treatment opinions or alternatives that may be of interest to you.
Health-Related Benefits And Services. We may use and disclose medical information to tell you about health-related benefits or services that may be of interest to you.
Individuals Involved In Your Care Or Payment Of Your Care. We may release medical information only to the patient after an authorization for consent has been signed by the patient. Health services will not give out information over the phone or records in your chart to family or friends. We may disclose medical information about you to an entity assisting in a disaster relief effort.
As Required By Law. We will disclose medical information about you when required to do so by federal, state or local law.
To Avert A Serious Threat To Health Or Safety. We may use or disclose medical information about you when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person. Any disclosure, however, would be to someone able to help prevent the threat.
Organ And Tissue Donations. If you are an organ donor, we may release medical information to organizations that handle organ procurement or organs, eye or tissue transplantation or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation.
Military And Veterans. If you are a member of the armed forces, we may release medical information about you as required by military command authorities. We may also release medical information about foreign military personnel to the appropriate foreign military authority.
Worker's Compensation. If applicable, we may release medical information about you for workers' compensation or similar programs. These programs provide benefits for work-related injuries or illness.
Public Health Risks. We may disclose medical information about you for public health activities. These activities generally include the following:
1. To prevent or control disease, injury or disability.
2. To report deaths.
3. To report reactions to medications or problems with products.
4. To notify people of recalls of products they may be using.
5. To notify a person who may have been exposed to a disease or may at risk for contracting or spreading a disease or condition.
6. To notify the appropriate government authority if we believe you have been the victim of abuse, neglect or domestic violence.
We will only make this disclosure when you agree or when required by law.
Health Oversight Activities. We may disclose medical information to a health oversight agency for activities authorized by law. These oversight activities include' for example, audits, investigations, inspections, and licensure. These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil right laws.
Lawsuits And Disputes. If you are involved in a lawsuit or a dispute, we may disclose medical information about you in a response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.
Law Enforcement. We may release medical information if ask to do so by a law enforcement official:
1. In response to a court order, subpoena, warrant, summons or a similar process.
2. To identify or locate a suspect, fugitive, material witness, or a missing person.
3. About the victim of a crime if, under certain limited circumstances, we are unable to obtain the person's agreement.
4. About a death we believe may be the results of criminal conduct.
5. About criminal conduct at the hospital.
6. In emergency circumstances to report a crime; the location of a crime or victims; or the identity, description or location of the person who committed the crime.
Coroners, Medical Examiners And Funeral Directors. We may release medical information to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also release medical information about our patients of health services to funeral directors as necessary to carry out their duties.
National Security And Intelligence Activities. We may release medical information about you to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law.
Protective Services For The President And Others. We may disclose medical information about you to authorized federal officials so they may provide protection to the president, other authorized persons or foreign heads of state or conduct special investigations.
Inmates. If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release medical information about you to the correctional institution or law enforcement official. This release would be necessary (1) for the institution to provide you with health care ;(2) to protect your health and safety or the health and safety of others; or (3) for the safety and security of the correctional institution.
Your Rights Regarding Medical Information About You. You have the rights regarding medical information we maintain about you:
Rights To Inspect And Copy. You have the right to inspect and copy medical information that may be used to make decisions about your care. Usually, this includes medical and billing records, but does not include psychotherapy notes.
To inspect and copy medical information that may be used to make decisions about you, you must submit your request in writing to Tura Anthony. If you request a copy of the information, we may charge a fee for the costs of copying, mailing or other supplies associated with your request.
We may deny your request to inspect and copy in certain limited circumstances. If you are denied access to medical information, you may request that the denial be reviewed if the denial is made for certain reasons. Another licensed health care professional chosen by health services will review your request and denial. The person conducting the review will not be the person that denied your request. We will comply with the outcome of the review.
Rights To Amend. If you feel that medical information we have about you is incorrect or incomplete, you may ask to amend the information. You have the right to request an amendment for as long as the information is kept by or for health services.
To request an amendment, your request must be made in writing and submitted to Tura Anthony; privacy officer... In addition, you must provide a reason that supports your request.
We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that:
1. Was not created by us, unless the person or entity that created the information is no longer available to make the amendment, an example, health service's doctor has retired or you records were sent from university or your family physician...
2. Is not part of the information kept by or for health services? An example would be when records are requested from another university system or family physician the party requesting the information will ask specific time frame. In other words, a complete chart will not be automatically copied.
3. Is not part of the information which you would be permitted to inspect or copy? An example would be psychotherapy notes recorded by a mental health professional that contain contents of a conversation during a counseling session that are separate from the rest of the medical records.
4. Health Services will not amend medical information that is accurate and complete. An example, if lab work is drawn for state labs (HIV and syphilis) the HIV comes back normal and the syphilis comes back positive and the patient wants the report that came back positive to be taken out of the medical records because they have had no symptoms or the lab could have made a mistake and wants this information destroyed, retesting can be done but the original lab works remains as part of the medical records. And the second lab work is drawn and the test is negative this information will become part of the original chart and notes will be made to correct the mistake but no part of any medical records are ever destroyed.
Rights To An Accounting Of Disclosure. You have the right to request an "accounting of disclosures." This is an "accounting of disclosures." This is a list of certain disclosures we make of medical information about you.
To request this list on accounting of disclosures, you must summit your request in writing to Tura Anthony, Privacy Officer at Health Services. Health Services address is 1600 Maple Street, Carrollton Georgia, 30118. Phone numbers is 678-839-6452 and e-mail address is firstname.lastname@example.org your request must state a time period which may start more than six years in the past and may not include dates before April 14, 2003. Your request should indicate in what form you want the list (for example on paper, electronically). The first list you request within a 12¬month period will be free. For additional lists, we may charge you for the cost of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any cost is incurred.
Rights To Request Restrictions. You have the right to request a restriction or limitation on the medical information we use or disclose about you to someone who is involved in your care or the payment of your care, like a family member or friend. For example, you could ask that we not use or disclose information to your parents, or that we not use your information in any quality assurance activities. Medical information is only released to the student and then a consent form has to be signed to release this medical information.
We Are Not Required To Agree To Your Request. If we do agree, we will comply with your request unless the information is needed to provide you emergency treatment.
To request restrictions you must make a request in writing to Tura Anthony, Privacy Officer at 678-839-6452 or e-mail email@example.com. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclose or both; and (3) to whom you want the limits to apply, for example disclosure to your spouse or one of your parents.
Rights To Request Confidential Communication. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail.
To request confidential communication, you must make your request in writing to Tura Anthony, Privacy Officer. We will not ask you the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.
Rights To A Paper Copy Of This Notice. You have the right to a paper copy of this notice. You may ask for a copy of this notice at any time. Even if you have agreed to receive this notice electronically, you are entitled to a paper copy of this notice.
To obtain a paper copy of this notice contact: Tura Anthony, Privacy Officer.
Changes To This Notice. We reserve the right to change this notice. We reserve the right to make the revised or changed notice effective for medical information we already have about you as well as any information we receive in the future. We will post a copy of the current notice in Health Services. The notice will contain on the first page, in the right hand corner, the effective date.
Complaints. If you believe your privacy rights have been violated, you may file a complaint with health services or with the secretary of the department of Health and Human Services. To file a complaint with health services, contact Tura Anthony, Privacy Officer, contact person; phone 678-839-6452, and e-mail firstname.lastname@example.org. All complaints must be submitted in writing.
You will not be penalized in any way for filing a complaint.
Other uses of medical information. Other uses and disclosure of medical information not covered by this notice or the laws that apply to us will be made only with your written permission. If you provide us permission to use or disclose medical information about you, you may revoke that permission, in writing, at any time. If you revoke your permission, we no longer use or disclose medical information about you for any reasons covered by your written authorization. You understand that we are unable to take back any disclosures we have made with your permission, and that we are required to retain our records of the care that we provided you.
Treatment, Payment, Operations (TPO)
Treatment. The provisions, coordination, or management of health care and related services by one or more health care providers, including the coordination of management of health care by a health care provider with a third party; consultation between health care providers relating to a patient; or the referral of a patient for health care from one health care provider to another.
(1) The activities undertaken by:
a. A health plan to obtain premiums or to determine or fulfill its responsibility for coverage and provision of benefits under the health plan; or
b. A covered health care provider or health plan to obtain or provide reimbursement for the provision of health care; and
(2) The activities in paragraph (1) of this definition relate to the individual to whom the health care is provided and include, but are not limited to:
a. Determinations of eligibility or coverage (including coordination of benefits or the determination of cost sharing amounts), and adjudication or subrogation of health benefits claims:
b. Risk adjusting amounts due based on enrollee health status and demographic characteristics;
c. Billing, claims management, collection activities, obtaining payment under a contract for reinsurance (including stop-loss insurance and excess of loss insurance), and related health care data processing;
d. Review of health care services with respect to medical necessity, coverage under a health plan, appropriateness of care, or justification of charges;
e. Utilization review activities, including recertification and preauthorization of services, concurrent and retrospective review of services; and
f. Disclosure to consumer reporting agencies of any of the following protected health information relating to collection of premiums or reimbursement:
(A)Name and address;
(B)(B) Date of birth;
(C)Social security number;
(E)Account number; and
(F)Name and address of the health care provider and/or health plan.
Health Care Operations:
Any of the following activities of the covered entity to the extent that the activities are related to covered function, and any of the following activities of an organized health care arrangement in which the covered entity participates:
(1) Conducting quality assessment and improvement activities, including outcomes evaluation and development of clinical guidelines, provided that the obtaining of generalizable knowledge is not the primary purpose of any study resulting from such activities; population-based activities relating to improving health care costs, protocol development, case management and care coordination, contacting of health care providers and patients with information about treatment management alternatives; and related functions that do not include treatment;
(2) Reviewing the competence or qualifications of health care professionals, evaluating practitioner and provider performance, health care performance, conducting training programs in which students trainees, or partowners in area of health care learn under supervision to practice or improve their skills as health care providers, training of non health care professional accreditation, certification, licensing, or credentialing activities;
(3) Underwriting, premium rating, and other activities relating to the creation, renewal or replacement of a contract health insurance or health benefits, and ceding, securing, or placing a contract for reinsurance of risk relating claims for health care (including stop-loss insurance and excess loss of insurance), provided that the requirements 164.514 (disclosure of protected health care information) are met, if applicable;
(4) Conducting or arranging for medical review, legal services, and auditing functions, including fraud and abuse and detection and compliance programs;
(5) Business planning and development, such as cost-management and planning related analyses related to managing and operating the entity, including formulary development and administration, development or improvement of methods of payment or coverage policies; and
(6) Business management and general administrative activities of the entity; including but not limited to:
i. Management activities relating to implementation of and compliance with the requirements of this subchapter;
ii. Customer service, including the provision of data analyses for policy holders, plan sponsors, or other customers, provided that protected health information is not disclosed to such policy holder, plan sponsor, or customer.
iii. Resolution of internal grievances;
iv. The sale, transfer, merger, or consolidation of all or part of the covered entity with another covered entity or an entity that following such activity will become a covered entity and due diligence related to such activities; and
v. Consistent with the applicable requirements of 164.514 (disclosure of protected health care information), creating deidentified health information or a limited data set, and fundraising for benefits of the covered entity.
(7) Phi Disclosed To Consulting Physicians
The policy rule permits covered entities to disclose protected health information ("PHI") to consulting physicians for three reasons:
Treatment. There is no limitation on PHI disclosed protected health information disclosed to other health care providers for the purpose of treatment of the individual who is the subject of the information.
Payment: PHI may be disclosed to the consulting physician (or any other entity) for the purpose of payment for health care services provided to the individual who is the subject of the information.
Health Care Operations: PHI may be disclosed to a consulting physician for certain health care operations of the consulting physician if that consulting physician has a treatment relationship with the individual who is the subject of the information. This PHI can be disclosed for the following purposes:
quality assessment and improvement activities; population-based activities relating to improving health or reducing health care cost; Case management and care coordination;
Conducting training programs; accreditation, licensing, or credentialing activities;
Health care fraud and abuse detection or compliance.
Govornment Authorities and Regulatory Agencies.. When health services is required by law to provide patient information to a governmental authority or regulatory agency. The following list includes most of these cases.
1. Acquired Immunodeficiency Anthrax
Hepatitis A, B or C Legionellosis
Rubella Streptococcal, invasive, group A
2. Investigation by state medical board
3. Death reporting to the state
4. Disclosure of rare diseases to a foreign governmental agency collaborating with the Center of Disease Control
5. FDA reporting of an adverse reaction to food supplement
6. FDA reportable of malfunction if the FDA tracks/repairs/recalls/withdraws products
7. Law enforcement officials investigating abuse, or to aid in identifying suspects, fugitive, material witness or missing person
8. OSHA reporting
9. Department of veterans affairs (DVA) pertaining to members of the armed forces upon separation or discharge of the individual from military services
10. A health plan providing public benefits under a government program
11. A government authority or protective agency authorized to receive reports of child abuse or neglect
12. A health oversight agency for authorized oversight activities
13. A coroner or medical examiner for purposes of identifying the deceased person or determining the cause of death
14. Specialized government activities such as certain military, national security and intelligence activities
15. Marketing no authorization. Health services cannot sell lists of our patients to third parties or disclose PHI for marketing efforts, with authorization from the patient.
16. Authorizations is voluntary, specify what is tom be released, specify what it is going to be used for, includes date of expiration, patient may revoke at ant time, disclose remuneration to consent.
17. An authorization is required for release of psychotherapy notes, notes recorded by a mental health professional that contain conversation during a counseling session that are separate from the rest of the medical records.
18. Federal Law- requires documents related to privacy/security are kept for six years
19. Charts Clia Waived-Required by the public health act to be kept for ten years and these are CLIA' S policy and regulations.
20. Georgia's Identity Theft Law-All medical information printed in health services that has identifiable information will automatically shredded on site.
Tura Anthony R.N.
Director of Nursing
State University of West Georgia
Dr. Leslie Cottrell
University of West Georgia