Patients & Visitors
Wednesday, January 25, 2017
Tuesday, November 1, 2016
Monday, October 17, 2016
Thursday, September 22, 2016
Notice of Privacy Practices
Ivinson Memorial Hospital
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
We are required by law to provide you with this notice explaining IMH's privacy practices with regard to your medical information and how we may use and disclose your protected health information (PHI) for treatment, payment, and for health care operations, as well as for other purposes that are permitted or required by law. You have certain rights regarding the privacy of your protected health information and we also describe those rights in this notice.
IMH reserves the right to change the provisions of our Notice and make new provisions effective for all PHI we maintain. If IMH makes a material change to our Notice, we will post the changes promptly on our website at http://www.ivinsonhospital.org.
What is Protected Health Information?
Protected Health Information (PHI) consists of individually identifiable health information, which may include demographic information IMH collects from you or creates or receives by a health care provider, a health plan, your employer, or a health care clearinghouse and that relates to: (1) your past, present or future physical or mental health or condition; (2) the provision of health care to you; or (3) the past, present or future payment for the provision of health care to you.
Effective DateThis Notice of Privacy Practices became effective on April 14, 2003 and was amended on September 23, 2013.
IMH is including HITECH Act provisions to its Notice as follows:
HITECH Notification Requirements
Under HITECH, IMH is required to notify patients whose PHI has been breached. Notification must occur by first class mail within 60 days of the event. A breach occurs when an unauthorized use or disclosure that compromises the privacy or security of PHI poses a significant risk for financial, reputational, or other harm to the individual. This notice must:
(1) Contain a brief description of what happened, including the date of the breach and the date of discovery;
(2) The steps the individual should take to protect themselves from potential harm resulting from the breach;
(3) A brief description of what IMH is doing to investigate the breach, mitigate losses, and to protect against further breaches.
Effective February 2010, IMH's Business Associate Agreements have been amended to provide that all HIPAA security administrative safeguards, physical safeguards, technical safeguards and security policies, procedures, and documentation requirements apply directly to the business associate.
HITECH states that if a patient pays in full for their services out of pocket they can demand that the information regarding the service not be disclosed to the patient's third party payer since no claim is being made against the third party payer.
Access to E-Health Records
HITECH expands this right, giving individuals the right to access their own e-health record in an electronic format and to direct IMH to send the e-health record directly to a third party. IMH may only charge for labor costs under the new rules.
Accounting of E-Health Records for Treatment, Payment, and Health
IMH does not currently have to provide an accounting of disclosures of PHI to carry out treatment, payment, and health care operations. However, starting January 1, 2014, the Act will require IMH to provide an accounting of disclosures through an e-health record to carry out treatment, payment, and health care operations. This new accounting requirement is limited to disclosures within the three-year period prior to the individual's request.
IMH must either: (1) provide an individual with an accounting of such disclosures it made and all of its business associates disclosures; or (2) provide an individual with an accounting of the disclosures made by IMH and a list of business associates, including their contact information, who will be responsible for providing an accounting of such disclosures upon request.
Ways in Which We May Use and Disclose Your Protected Health Information
We will use and disclose your protected health information to provide, coordinate, or manage your health care and any related services. We will also disclose your health information to other providers who may be treating you. Additionally we may from time to time disclose your health information to another provider who has been requested to be involved in your care.
We will use and disclose your protected health information to obtain payment for the health care services we provide you. For example - we may include information with a bill to a third-party payer that identifies you, your diagnosis, procedures performed, and supplies used in rendering the service.
Health Care Operations
We will use and disclose your protected health information to support the business activities of our hospital. For example - we may use medical information about you to review and evaluate our treatment and services or to evaluate our staff's performance while caring for you. In addition, we may disclose your health information to third party business associates who perform billing, consulting, or transcription, or other services for our facility.
Other Ways We May Use and Disclose Your Protected Health Information
If we call to remind you of an appointment at our facility, we will only leave the name of the hospital and the time of the appointment. Please let us know if you do NOT wish to be called.
We will use and disclose your protected health information to researchers, provided the research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your health information.
As Required by Law
We will use and disclose your protected health information when required to by federal, state, or local law.
To Avert a Serious Threat to Public Health or Safety
We will use and disclose your protected health information to public health authorities permitted to collect or receive the information for the purpose of controlling disease, injury, or disability. If directed by that health authority, we will also disclose your health information to a foreign government agency that is collaborating with the public health authority.
We will use and disclose your protected health information for worker's compensation or similar programs that provide benefits for work-related injuries or illness.
We will use and disclose your protected health information to a correctional institution or law enforcement official only if you are an inmate of that correctional institution or under the custody of the law enforcement official. This information would be necessary for the institution to provide you with health care; to protect the health and safety of others; or for the safety and security of the correctional institution.
Uses and disclosures that require IMH give you the opportunity to object or "opt out"
If you do not object, we may include your name, location, and general condition in our facility Patient Directory
Used for requests by those who ask for you by name. If you do not object, we also disclose information from the directory and your religious affiliation to clergy who request the same.
Others Involved in Your Care
We may provide relevant portions of your Protected Health Information (PHI) to a family member, a relative, a close friend, or any other person you identify as being involved in your medical care or payment for care. You will be given a password to give to those with whom you wish us to share information. In an emergency or when you are not capable of agreeing or objecting to these disclosures, we will disclose PHI as we determine is in your best interest, but will tell you about it after the emergency, and give you the opportunity to object to future disclosures to family and friends.
We may also provide your contact information (name, address and phone number) and the dates you received services from us, to the IMH Foundation, which handles fundraising efforts.
To Opt Out, please inform the admitting clerk, your nurse, or call the privacy officer at extension 5609. Additionally, any written fundraising communications from the IMH Foundation must state, clearly and conspicuously, your opportunity and the manner in which you may elect not to receive further communications.
Protected Health Information for Marketing Purposes-We will use and disclose protected health information for marketing purposes, including treatment communications, only with the individual's authorization.
Disclosure that Constitutes a Sale of Protected Health Information-We will use and disclose protected health information that constitute the sale of protected health information only with the individual's authorization.
Uses or Disclosures Not Covered by this Notice
Uses or disclosures of your health information not covered by this notice or the laws that apply to us may only be made with your written authorization. You may revoke such authorization in writing at any time and we will no longer disclose health information about you for the reasons stated in your written authorization. Disclosures made in reliance on the authorization prior to the revocation are not affected by the revocation.
Patient Rights Related to Protected Health Information
Although your health record is the physical property of the facility that compiled it, the information belongs to you. You have the right to:
Request an Amendment
You have the right to request that we amend your medical information if you feel that it is incomplete or inaccurate. You must make this request in writing to our Privacy Officer, stating what information is incomplete or inaccurate and the reasoning that supports your request.
We are permitted to deny your request if it is not in writing or does not include a reason to support the request. We may also deny your request if:
- The information was not created by us, or the person who created it is no longer available to make the amendment.
- The information is not part of the record which you are permitted to inspect and copy.
- The information is not part of the designated record set kept by this facility or if it is the opinion of the health care provider that the information is accurate and complete.
You have the right to request a restriction of how we use or disclose your medical information for treatment, payment, or health care operations. For example - you could request that we not disclose information about a prior treatment to a family member or friend who may be involved in your care or payment for care. Your request must be made in writing to the Director of Health Information Management.
We are not required to agree to your request if we feel it is in your best interest to use or disclose that information. If we do agree, we will comply with your request except for emergency treatment.
As stated earlier under HITECH, if a patient pays in full for their services out of pocket they can demand that the information regarding the service not be disclosed to the patient's third party payer since no claim is being made against the third party payer.
Inspect and Copy
You have the right to inspect and copy the protected health information that we maintain about you in our designated record set for as long as we maintain that information. This designated record set includes your medical and billing records, as well as any other records we use for making decisions about you. Any psychotherapy notes that may have been included in records we received about you are not available for your inspection or copying, by law. We may charge you a fee for the costs of copying, mailing, or other supplies used in fulfilling your request.
If you wish to inspect or copy your medical information, you must submit your request in writing to our Privacy Officer: Attention: Privacy Officer, Ivinson Memorial Hospital, 255 N. 30th Street, Laramie, WY 82072 Phone: (307) 742-2141. You may mail your request, or bring it to the Health Information Management office. We will have 30 days to respond to your request for information that we maintain at our facility. If the information is stored off-site, we are allowed up to 60 days to respond but must inform you of this delay.
As stated previously, HITECH expands this right, giving individuals the right to access their own e-health record in an electronic format and to direct IMH to send the e-health record directly to a third party. IMH may only charge for labor costs under electronic transfers of e-health records.
An Accounting of Disclosures
You have the right to request a list of the disclosures of your health information we have made outside of facility that were not for treatment, payment, or health care operations. Psychotherapy notes-for most uses and disclosures of protected health information, we will use and/or disclose only with the individual's authorization, in compliance with Federal law. Your request must be in writing and must state the time period for the requested information. You may not request information for any dates prior to April 14, 2003, nor for a period of time greater than six years (our legal obligation to retain information).
Your first request for a list of disclosures within a 12-month period will be free. If you request an additional list within 12-months of the first request, we may charge you a fee for the costs of providing the subsequent list. We will notify you of such costs and afford you the opportunity to withdraw your request before any costs are incurred.
Request Confidential Communications
You have the right to request how we communicate with you to preserve your privacy. For example - you may request that we call you only at your work number, or by mail at a special address or postal box. Your request must be made in writing and must specify how or where we are to contact you. We will accommodate all reasonable requests.
File a Complaint
If you believe we have violated your medical information privacy rights, you have the right to file a complaint with our facility or directly to the Secretary of the United States Department of Health and Human Services: U.S. Department of Health & Human Services • 200 Independence Avenue, S.W. • Washington, D.C. 20201. Phone: (202) 619-0257 Toll Free: (877) 696-6775.
To file a complaint with our facility, you must make it in writing within 180 days of the suspected violation. Provide as much detail as you can about the suspected violation and send it to our Privacy Officer at 255 N. 30th Street, Laramie, WY 82072.
A Paper Copy of This Notice
You have the right to receive a paper copy of this notice upon request. You may obtain a copy by asking for it.