|Effective November, 2013
This notice describes how medical information about you may be used and disclosed and how you can access this information.
Please review it carefully.
OUR PRIVACY PRACTICES
Signature Healthcare is committed to protecting the privacy of our patients’ protected health information (“PHI”). PHI is information which:
identifies you, or can reasonably be used to identify you; and
relates to: your physical or mental health or condition, health care services provided to you or payment for those health care services.
We safeguard oral, written and electronic PHI throughout all of Signature Healthcare. We have internal policies and procedures designed to protect the privacy and security of your PHI. Signature Healthcare is required by law, including the Health Insurance Portability & Accountability Act (HIPAA) to protect the privacy of your PHI and to provide you with a copy of this Notice of Privacy Practices (“Privacy Notice” or “Notice”). This Notice describes how we may collect, use and disclose your PHI and your rights concerning your PHI. All organizations controlled or owned by Signature Healthcare and all medical staff and affiliated health care providers must follow this Privacy Notice. A copy of Signature Healthcare’s Notice of Privacy Practices is posted at each of our locations in the registration areas. You can request a copy of our Privacy Notice from your provider or the registration area.
OUR USES AND DISCLOSURES OF YOUR PHI
As a health care provider, federal law permits us to make certain uses and disclosures of your PHI without your specific/written authorization. This includes uses and disclosures for:
Treatment: We may share your health information (PHI) with doctors, nurses and other health care providers who are involved in your care. For example, a doctor may share your health information (PHI) with another doctor or specialist at Brockton Hospital or at another facility to assist with your treatment.
Payment: We may use and disclose PHI for payment purposes—to be paid for the health care services provided to you. Payment includes activities such as: submitting claims to insurance companies/health plans or government programs; participating in utilization review activities; coordinating benefits and collection activities.
Health Care Operations: We may use and disclose your health information (PHI) to conduct our health care operations. For example, we may use your PHI to run the hospital and physician practices; to monitor and improve the quality of health care; to review the qualifications and performance of health care providers and staff, and to review medical records for completeness and accuracy. We may also disclose PHI to doctors, nurses, technicians, medical students and other personnel for review and learning purposes. Health care operations also includes business activities, such as: business planning; purchasing insurance; arranging for legal and auditing services (including fraud and detection programs); and obtaining licenses and accreditations. We do not disclose PHI that is genetic information for insurance underwriting purposes. Written authorization is generally required for the following uses or disclosures: most uses and disclosures of psychotherapy notes; for marketing purposes, including subsidized communications; any sale of PHI and any other uses and disclosures not described in this Notice. If ownership of our organization or one of our affiliates changes as a result of a sale, transfer, merger or consolidation, your PHI may be disclosed to the new entity.
Business Associates: In connection with treatment, payment and operations, we may share your PHI with our affiliates and other organizations and individuals (“Business Associates”) that perform activities for us, or on our behalf, for example: with a durable medical equipment company. We will obtain assurances from our Business Associates that they will safeguard your PHI as required by law.
Appointment Reminders, Treatment Alternatives and Health/Wellness Information: We may use your PHI to contact you about: appointment reminders; treatment alternatives; therapies; other health care providers; or health care benefits, services or products that may be of interest to you. For example, we may send you information about high blood pressure or weight loss.
Hospital Patient Directory: If you do not object, while you are a patient in the hospital, we will include your name, room number, general condition and religious affiliation in our Hospital Patient Directory. The information in this Directory, except for your religious affiliation, may be provided to people who ask for you by name. Your religious affiliation may be given to a member of the clergy, such as a priest or rabbi, even if they don’t ask for you by name. Tell the hospital staff if you do not want to be listed in the Patient Directory or if you want to limit your information.
Personal Representatives: Unless prohibited by law, we may disclose your PHI to your Personal Representative, if you have one. A Personal Representative is a person who has legal authority to act on your behalf regarding your health care. For example, an individual named as a health care proxy or a parent or guardian of an unemancipated minor is a Personal Representative.
Family and Friends: We may disclose PHI to your family member or friend, or anyone you identify, when: You give us your permission to do so prior to the disclosure; or if you are incapacitated or in an emergency situation, if, in our professional judgement and based on common practice, we determine that disclosing PHI is appropriate.
Fundraising: We may use demographic information about you, including your name, address, age and gender, and the dates that you received treatment to contact you about our fundraising efforts. If you do not want us to contact you for fundraising purposes, please contact the Signature Healthcare Foundation Office at 508-941-7078 or email us at Giving@ signature-healthcare.org.
Public Health and Safety: We may disclose your PHI to public health officials to carry out public health activities and investigations or to government agencies for health oversight activities such as: preventing or controlling diseases; audits, disciplinary actions and licensure. We may also disclose your PHI when authorized by law, to appropriate authorities, if we reasonably believe you or a child are a victim of abuse, neglect, or domestic violence; or when in good faith we believe that it is necessary to prevent a serious and imminent threat to your or other’s health or safety. We may also disclose your PHI for product monitoring, repair and recall to a person or company authorized by the Food & Drug Administration to conduct such activities.
Coroners, Medical Examiners/Organ Donation: We may disclose PHI, under certain conditions, to coroners, funeral directors and medical examiners and if applicable to organizations regarding organ donation.
Research: In most cases, we will ask your permission before using or sharing your health information for research purposes; however, there may be certain situations where we may disclose your PHI to researchers if certain steps are taken to protect your privacy.
Legal Actions, Requirements/Law Enforcement/Government Activities: We may disclose your PHI in the course of legal proceedings; in response to a subpoena, discovery request or other legal process; to law enforcement officials, such as in response to a warrant or subpoena, or for certain government activities, such as national security and intelligence. We may also disclose your PHI when authorized to do so by workers compensation laws. Your PHI may also be disclosed when required by law and/or government regulators. For example, we must disclose your PHI upon request to the U.S. Department of Health and Human Services regarding a possible breach of federal privacy laws.
De-Identified Health Information: We may use or disclose health information if we have de-identified the information, which can be done by an expert determination or by removing certain identifiers.
Incidental Disclosures: We will take all legally required and reasonable steps to protect the privacy of your health information. However, certain disclosures of your health information may occur during, or as an unavoidable result of, a permissible use of your health information. For example, as an in-patient at a hospital, other patients or their guests may overhear a discussion about your health care condition.
Minimum Necessary: Signature Healthcare is required to take reasonable steps to limit the use or disclosure of, and requests for, protected health information (PHI) to the minimum amount necessary to accomplish the permitted purpose. This minimum necessary standard does not apply to the following:
-Disclosures to or requests by a health care provider for treatment purposes.
-Disclosures to the individual who is the subject of the information.
-Uses or disclosures made pursuant to an individual’s authorization.
-Uses or disclosures required for compliance with the HIPAA Administrative Simplification Rules.
-Disclosures to the Department of Health and Human Services (HHS) when disclosure of PHI is required under the Privacy Rule for enforcement purposes.
-Other uses or disclosures that are required by law.
The following is a summary of your rights regarding your protected health information (PHI):
• Right of Access to PHI: You have the right to inspect and get a copy of most PHI Signature Healthcare has about you, or a summary of the PHI, if that is what you agreed to in advance. Requests must be made in writing and reasonably describe the information you would like to inspect or copy. If your PHI is maintained electronically, you also have the right to request an electronic copy. We can charge a reasonable cost-based fee for paper or electronic copies as set by state or federal law. Under certain circumstances, we may deny your request. If we do, we will send you a written notice of the denial, including the reason. You may request that we send a copy of your PHI to another person. Such a request must be in writing, signed by you, and identify the person and address where the PHI should be sent.
• Right to Request Restrictions: You have the right to ask that we restrict uses or disclosures of your PHI to carry out treatment, payment and health care operations; or restrict disclosures to family members or friends. We will consider such requests but, in certain circumstances, we may be required by law to disclose the information. Requests may be made verbally or in writing to Signature Healthcare at the address listed below and should identify the information to be restricted, the type of restriction, (use of information, or disclosure or both) and to whom the limits should apply.
• Right to Limit Disclosures to Health Plans: You have the right to request that we not disclose information about care you receive at Signature Healthcare to a health plan if you have paid out-of-pocket for that care. Upon such a request, we will not disclose the information, unless for treatment purposes or if disclosure is required by law.
• Right to Receive Confidential Communications: You have the right to request that we communicate with you about your health care information in a certain way or at a specific address. For example, you may ask us to mail your information to an address other than your home address. We will accommodate your request if: you state that disclosure of your PHI using our usual methods could endanger you; your request is reasonable and you specify the alternative means or location. Requests may be made verbally or in writing to Signature Healthcare.
• Right to Amend PHI: You have the right to request that we amend the PHI we have about you. Requests to amend must be in writing to Signature Healthcare and must include a reason for the amendment. We may deny your request under certain circumstances. If we do, we will send you a written notice describing the reason for our denial and your right to submit a written statement disagreeing with our decision.
• Right to Receive an Accounting of Disclosures: You have the right to a written accounting of the disclosures of your PHI that we have made in the last six years prior to the date you request the accounting. Unless otherwise provided by law, this right does not apply to disclosures made for treatment, payment or health care operations; disclosures made to you or people you have designated; disclosures authorized by you or your personal representative; disclosures made before April 14, 2003; and certain other disclosures, such as those for national security purposes. If you request an accounting more than once in a 12-month period we may charge you a reasonable fee. All requests for an accounting of disclosures must be made in writing to Signature Healthcare at the address listed below.
• Right to Authorize Other Uses and Disclosures: You have the right to authorize any use or disclosure of PHI that is not specified within this Notice. For example, you may give us written authorization to use or disclose your PHI for marketing. You may revoke an authorization in writing, at any time, except to the extent we have used or disclosed your PHI relying upon your authorization.
• Right to Receive Notice of a Privacy Breach: You have the right to receive a written notice if we discover a breach of your unsecured PHI and we determine through a risk assessment that notification is required.
• Right to a Copy of this Notice: You have a right to request a paper copy of this Notice of Privacy Practices.
• How to Exercise Your Rights: To exercise any of the individual rights described above or for more information, please call Signature Healthcare at 508-941-7072 or write to us at the address below.
Unless one of the above conditions applies, we will not use or disclose your PHI, without your written permission (“authorization”).
Signature Healthcare also has a record retention policy and abides by the requirements of Massachusetts General Laws Chapter 111, Section 70. If state or other federal laws provide for greater privacy protections than outlined in this Notice, we will follow the stricter requirements. For example, under certain conditions, records that include information about alcohol or drug abuse treatment or AIDS-related testing or treatment may not be disclosed without your authorization.
EFFECTIVE DATE OF NOTICE
This Notice takes effect September 23, 2013. We must follow the privacy practices described in this Notice. This Privacy Notice replaces any other information you have previously received from us about the privacy of your medical information.
CHANGES TO THIS NOTICE OF PRIVACY PRACTICES
We may change the terms of this Notice of Privacy at any time and make the new Notice effective for all PHI that we maintain—whether created or received before or after the effective date of the new Privacy Notice.
WHO TO CONTACT FOR QUESTIONS, COMPLAINTS OR COPIES OF PRIVACY NOTICE
If you would like more information or a paper copy of this Privacy Notice, please contact your physician or our Privacy Officer at the address or number listed below. If you believe your privacy rights may have been violated, you have a right to complain to Signature Healthcare by calling our Privacy Officer at 508-941-7072 or write to:
Attn: Privacy Officer
680 Centre St.
Brockton, MA 02302
You also have a right to complain to the Secretary of Health and Human Services. We will not retaliate against you for filing a complaint.