Notice of Privacy Practices for Protected Health Information

The Sylacauga Health Care Authority d/b/a Coosa Valley Medical Center (“Provider”) is dedicated to protecting your health information. Provider is required by law to maintain the privacy of protected health information, to provide you adequate notice of your rights and our legal duties and privacy practices with respect to protected health information and to notify affected individuals following a breach of unsecured protected health information.  45 CFR § 164.520. “Protected Health Information” is defined at 45 CFR § 164.501 and includes past, present and future information created or received by Provider. It also includes demographic information that may identify you and that relates to your past, present or future medical condition (physical or mental), the providing of health care to you, or payment for the health care treatment. We will use or disclose Protected Health Information in a manner that is consistent with this notice.

WHAT IS THIS NOTICE?

Provider maintains a record (paper/electronic file) of the information we receive and collect about you and of the care we provide to you. This record includes physicians’ orders, assessments, medication lists, clinical progress notes and billing information. This Notice of Privacy Practices describes how we may use and disclose your Protected Health Information to carry out treatment, payment or health care operations and for other purposes that are permitted or required by law. It also describes your rights regarding your Protected Health Information.

As required by law, Provider maintains policies and procedures about our work practices, including how we coordinate care and services provided to our patients. These policies and procedures include how we create, receive, access, transmit, maintain and protect the confidentiality of all health information in our workforce and with contracted business associates and/or subcontractors; security of Provider’s building and electronic files; and how we educate staff on privacy of patient information.

PERMITTED AND REQUIRED USES AND DISCLOSURES.

As our patient, information about you must be used and disclosed to other parties for purposes of treatment, payment and health care operations. Examples of information that must be disclosed:

• Treatment: Providing, coordinating or managing health care and related services, consultation between health care providers relating to a patient or referral of a patient for health care from one provider to another. For example, we may need to give information to doctors, nurses, technicians, medical students or other personnel who are involved in taking care of you both in and outside of Provider’s office.
• Payment: Billing and collecting for services provided, determining plan eligibility and coverage, utilization review (UR), precertification, and medical necessity review. For example, we may need to give information to your health plan about surgery you received so that your health plan will pay us or reimburse you for the surgery. We may also tell your health plan about a treatment you are going to receive in order to obtain prior approval or to determine whether your plan will cover the treatment.
• Health Care Operations: General agency administrative and business functions, quality assurance/improvement activities; medical review; auditing functions; developing clinical guidelines; determining the competence or qualifications of health care professionals; evaluating agency performance; conducting training programs with students or new employees; licensing, survey, certification, accreditation and credentialing activities; internal auditing; and certain fundraising activities, if applicable, and with your authorization, marketing activities. For example, we may disclose medical information to review our treatment and services and to evaluate the performance of our staff in caring for you. We also may disclose information to doctors, nurses, technicians, medical students, and other personnel for review and learning purposes. The medical information we have may be combined with medical information from other sources in order to compare how we are doing and see where we can make improvements in the care and services we offer. We may remove information that identifies you from this set of medical information so that others may use it to study health care and health care delivery without learning who the specific patients are.

The following uses and disclosures do not require your consent, and include, but are not limited to, a release of information contained in financial records and/or medical records, including information concerning communicable diseases such as Human Immune Deficiency Virus (HIV) and Acquired Immune Deficiency Syndrome (AIDS), drug/alcohol abuse, psychiatric diagnosis and treatment records and/or laboratory test results, if applicable, medical history, treatment progress and/or any other related information as permitted by state law to:

1. Your insurance company, self-funded or third-party health plan, Medicare, Medicaid or any other person or entity that may be responsible for paying or processing for payment any portion of your bill for services;
2. Any person or entity affiliated with or representing us for purposes of administration, billing and quality and risk management;
3. Any hospital, nursing home or other health care facility to which you may be admitted;
4. Any assisted living or personal care facility of which you are a resident;
5. Any physician providing you care;
6. Licensing and accrediting bodies, including the information contained in the OASIS Data Set to the state agency acting as a representative of the Medicare/Medicaid program;
7. Contact you to raise funds for Provider; you will be given the right to opt out of receiving such communications, if applicable;
8. Any business associate or institutionally related foundation for the purpose of raising funds for the agency (information may include: demographics – name, address, contact information, age, gender, date of birth; dates of health care provided; department of services; treating physician; outcome information; and health insurance status), if applicable. You will be given the right to opt out;
9. Refill reminders for drugs, biologicals and/or drug delivery systems that have already been prescribed to you;
10. Marketing communications promoting health products, services and information programs or communications if the communication is made face to face with you or the only financial gain consists of a promotional gift of nominal value provided by Provider; and
11. Other health care providers to initiate treatment.
    

We are permitted to use or disclose information about you without consent or authorization in the following circumstances:

1. In emergency treatment situations, if we attempt to obtain consent as soon as practicable after treatment;
2. Where substantial barriers to communicating with you exist and we determine that the consent is clearly inferred from the circumstances;
3. Where we are required by law to provide treatment and we are unable to obtain consent;
4. Where the use or disclosure of medical information about you is required by federal, state or local law;
5. To provide information to state or federal public health authorities, as required by law to:  prevent or control disease, injury or disability; report births and deaths; report child abuse or neglect; report reactions to medications or problems with products; notify persons of recalls of products they may be using; notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition; and notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect or domestic violence (if you agree or when required or authorized by law)
6. Health care oversight activities such as audits, investigations, inspections and licensure by a government health oversight agency as authorized by law to monitor the health care system, government programs and compliance with civil rights laws;
7. To business associates regulated under HIPAA that work on our behalf under a contract that requires appropriate safeguards of Protected Health Information;
8. Certain judicial administrative proceedings if you are involved in a lawsuit or a dispute.  We may disclose medical information about you in response to a court or administrative order, a subpoena, discovery request or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested;
9. Certain law enforcement purposes such as helping to identify or locate a suspect, fugitive, material witness or missing person, or to comply with a court order or subpoena and other law enforcement purposes;
10. To coroners, medical examiners and funeral directors, in certain circumstances, for example, to identify a deceased person, determine the cause of death or to assist in carrying out their duties;
11. For cadaveric organ, eye or tissue donation purposes to communicate to organizations involved in procuring, banking or transplanting organs and tissues (if you are an organ donor);
12. For certain research purposes under very select circumstances.  We may use your health information for research.  Before we disclose any of your health information for such research purposes, the project will be subject to an extensive approval process.  We may also request your written authorization before granting access to your individually identifiable health information but are not required to do so;
13. To avert a serious threat to health and safety: To prevent or lessen a serious and imminent threat to the health or safety of a particular person or the general public, such as when a person admits to participation in a violent crime or serious harm to a victim or is an escaped convict. Any disclosure, however, would only be to someone able to help prevent or lessen the threat;
14. For specialized government functions, including military and veterans’ activities, national security and intelligence activities, protective services for the President, foreign heads of state and others, medical suitability determinations, correctional institution and custodial situations; and
15. For Workers’ Compensation purposes: Workers’ compensation or similar programs provide benefits for work-related injuries or illness.
    

We are permitted to use or disclose information about you provided you are informed in advance and given the opportunity to individually agree to, prohibit, or restrict the use or disclosure in the following circumstances:

1. Use or disclosure of a directory (including name, location, condition described in general terms and/or religious affiliation) of individuals served by Provider;
2. Provide proof of immunization to a school that is required by state or other law to have such proof with agreement to disclosure by parent, guardian or other person acting in loco parentis of the individual, if the individual is an unemancipated minor; and
3. Provide a family member, relative, friend, or other identified person, prior to, or after your death, the information relevant to such person’s involvement in your care or payment for care; to notify a family member, relative, friend, or other identified person of your location, general condition or death.

Other uses and disclosures not covered in this notice will be made only with your written authorization. Authorization is required and may be revoked, in writing, at any time, except in limited situations, for the following disclosures:

1. Marketing of products or services or treatment alternatives, including any subsidized treatment communications, that may be of benefit to you when we receive direct payment from a third party for making such communications, other than as set forth above with regard to face-to-face communications and promotional gifts of nominal value;
2. Psychotherapy notes under most circumstances, if applicable; and
3. Any sale of Protected Health Information resulting in financial gain by Provider unless an exception is met.

“No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.”

YOUR RIGHTS

You have the right, subject to certain conditions, to:

• Request restrictions on uses and disclosures of your Protected Health Information for treatment, payment or health care operations. However, we are not required to agree to any requested restriction. Restrictions to which we agree will be documented. Agreements for further restrictions may, however be terminated under applicable circumstances (e.g., emergency treatment).

        We must agree to your request to restrict disclosure of Protected Health Information about you to a health plan if: 1) the disclosure is for the purpose of carrying out payment or health care operations and is not otherwise required by law; and 2) the Protected Health Information pertains solely to a health care item or service for which you or someone on your behalf paid the covered entity in full. (164.522 Rights to request privacy protection for Protected Health Information).

• Confidential communication of Protected Health Information. We will arrange for you to receive Protected Health Information by reasonable alternative means or at alternative locations. Your request must be in writing and must contain a statement that disclosure of all or part of the information to which the request pertains could endanger you.  We do not require an explanation for the request as a condition of providing communications on a confidential basis and will attempt to honor reasonable requests for confidential communications.

If you request your Protected Health Information to be transmitted directly to another person designated by you, your written request must be signed and clearly identify the designated person and where the copy of Protected Health Information is to be sent.

• Inspect and obtain copies of Protected Health Information that is maintained in a designated record set, except for psychotherapy notes, information compiled in reasonable anticipation of, or for use in, a civil, criminal or administrative action or proceeding, or Protected Health Information that may not be disclosed under the Clinical Laboratory Improvements Amendments of 1988 [42 USC § 263a and 45 CFR 493 § (a)(2)].  If you request a copy of your health information, we will charge a reasonable, cost-based fee, that includes only the cost of labor for copying, supplies, postage, if applicable, and preparing an explanation or summary of the projected health information if agreed to, in accordance with applicable state and federal regulations. If the requested Protected Health Information is maintained electronically and you request an electronic copy, we will provide access in an electronic format you request, if readily producible, or if not, in a readable electronic form and format mutually agreed upon. IF YOU REQUEST AN ELECTRONIC COPY, PROVIDER HEREBY EXPRESSLY DISCLAIMS ALL DUTIES AND RESPONSIBILITY FOR THE SECURITY AND PROTECTION OF SUCH INFORMATION ONCE TRANSMITTED TO YOU AND HAS NO CONTROL OVER ACCESS TO THAT INFORMATION AFTER THE TRANSMISSION TO YOU THEREOF.  ALL SUCH INFORMATION MAINTAINED BY PROVIDER WILL CONTINUE TO BE SECURED AND PROTECTED AS REQUIRED BY APPLICABLE LAW.

If we deny access to Protected Health Information, you will receive a timely, written denial in plain language that explains the basis for the denial, your review rights and an explanation of how to exercise those rights. If we do not maintain the medical record, we will tell you where to request the Protected Health Information if we have knowledge thereof.

• Request to amend Protected Health Information for as long as the Protected Health Information is maintained in the designated record set. A request to amend your record must be in writing and must include a reason to support the requested amendment.  We will act on your request within sixty (60) days of receipt of the request. We may extend the time for such action by up to thirty (30) days, if within the initial sixty (60) days we provide you with a written explanation of the reasons for the delay and the date by which we will complete action on the request.

We may deny the request for amendment if the information contained in the record was not created by us, unless you provide a reasonable basis for believing the originator of the information is no longer available to act on the requested amendment; is not part of the designated medical record set; would not be available for inspection under applicable laws and regulations; or the record is accurate and complete. If we deny your request for amendment, you will receive a timely, written denial in plain language that explains the basis for the denial, your rights to submit a statement disagreeing with the denial and an explanation of how to submit that statement.

• Receive an accounting of disclosures of Protected Health Information made by Provider for up to six (6) years prior to the date on which the accounting is requested for any reason other than for treatment, payment or health operations and other applicable exceptions. The written accounting includes the date of each disclosure, the name of the entity or person who received the Protected Health Information and, if known, the address, a brief description of the information disclosed and a brief statement of the purpose of the disclosure or a copy of the written request for disclosure. We will provide the accountings within sixty (60) days of receipt of a written request. However, we may extend the time period for providing the accounting by thirty (30) days if within the initial sixty (60) days we provide you with a written statement of the reasons for the delay and the date by which you will receive the information. We will provide the first accounting you request during any 12-month period without charge. Subsequent accounting requests within the applicable 12-month period may be subject to a reasonable cost-based fee, which fee information will be provided to you in advance of fulfilling your request; you will also have an opportunity upon receipt of fee information to withdraw or modify your request for the accounting in order to avoid or reduce the applicable fee.
• Receive notification of any breach in the acquisition, access, use or disclosure of unsecured Protected Health Information by Provider, its business associates and/or subcontractors.
• Obtain a paper copy of this notice from us upon request, even if you had previously agreed to receive this notice electronically. We reserve the right to amend this notice of privacy practices at any time.

COMPLAINTS

If you believe that your privacy rights have been violated, you may complain to Coosa Valley Medical Center directly or to the Secretary of the U.S. Department of Health and Human Services. There will be no retaliation against you for filing a complaint. The complaint should be filed in writing, and should state the specific incident(s) in terms of subject, date and other relevant matters. A complaint to the Secretary must be filed in writing within 180 days of when the act or omission complained of occurred, and must describe the acts or omissions believed to be in violation of applicable requirements.  45 CFR § 160.306.  For further information regarding filing a complaint, contact:

Privacy Officer

The Sylacauga Health Care Authority d/b/a Coosa Valley Medical Center

Brad McCormick 

Privacy Compliance Officer

(256) 401-4534

or our Compliance Hotline @ (256) 401-4358

EFFECTIVE DATE

This notice is effective: September 23, 2013. We are required to abide by the terms of the notice currently in effect, but we reserve the right to change these terms as necessary for all Protected Health Information that we maintain. If we change the terms of this notice (while you are receiving service), we will promptly revise and distribute a revised notice to you as soon as practicable by mail, e-mail (if you have agreed to electronic notice), hand delivery or by posting on our website at http://cvhealth.net.

If you require further information about matters covered by this notice or to make any of the foregoing requests, please contact:

Privacy Officer

The Sylacauga Health Care Authority d/b/a Coosa Valley Medical Center

Brad McCormick

Privacy Compliance Officer

(256) 401-4534

SMS Terms
By providing us with your mobile number and opting-in, you give CVMC permission to send you account-related text messages, like payment reminders and notifications in conjunction with the services you have requested.

• The number of messages will vary by account.
• By providing us with your mobile number and opting-in, you agree you have ownership rights or permission to use the number given to us.
• Message and data rates may apply.
• To opt-out, text STOP to any text message we send you. An opt-out confirmation message will be sent back to you.
• To request support, text HELP to any text message we send you or call or text us at  205-432-0104.
• If your handset does not support MMS, any MMS messages sent may be delivered as SMS messages.
• Wireless carriers are not liable for undelivered or delayed messages.

No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt in data and consent; this information will not be shared with any third parties.