University Medical
Associates
 
River Rose OB/GYN
 
Centers for
Osteopathic Research
& Education
 
Community Health Programs
 
Free Clinic
 
Notice of Privacy Practices
  Download Privacy Policy
 
 

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.  PLEASE REVIEW IT CAREFULLY
 

Effective February 15, 2010

We at Ohio University College of Osteopathic Medicine (“OU-COM”) are required by law to maintain the privacy of  patient health information (also known as “protected health information” and referred to herein as “PHI”).  We are required to provide you with notice of our legal duties and privacy practices with respect to your PHI (“Notice”), notify you upon a breach of unsecured PHI, and follow the terms of this Notice.
 

When we say “you” or “your” in this Notice, this refers to the patient or research participant who is the subject of the PHI.  When we say “we,” “our” or “us,” this refers to OU-COM.  

 

YOUR PHI
 

We collect PHI from you through treatment, payment, related healthcare operations, the application and enrollment process, healthcare providers, health plans, or our other activities in connection with the general management of OU-COM.  Your PHI includes any information, oral, written or recorded, that is created or received by certain health care entities, including health care providers, such as physicians and hospitals, as well as, health insurance companies or health plans.  The law specifically protects health information that contains data, such as your name, address, social security number, and others, that could be used to identify you as the individual patient who is associated with that health information.

 

HOW WE MAY USE OR DISCLOSE YOUR PHI

 

Generally, we may not use or disclose your PHI without your permission.  Further, once your permission has been obtained, we must use or disclose your PHI in accordance with the specific terms of that permission.  The following sections describe different ways that we may use or disclose your PHI.

 

Use or Disclosure Not Requiring Your Permission

 

  • Treatment.  We may use your PHI to provide you with health care services and treatment.   Examples: (a)  the provision, coordination, or management of health care and related services by health care providers; (b) consultation between health care providers relating to a patient; or (c) the referral of a patient from one health care provider to another.

 

  • Payment.  We may use your PHI to collect payment for the services and treatment that you receive.  Examples: (a) billing and collection activities and related data processing; (b) actions by a health plan or insurer to obtain premiums or to determine or fulfill its responsibilities for coverage and provision of benefits under its health plan or insurance agreement, determinations of eligibility or coverage, adjudication or subrogation of health benefit claims; (c) medical necessity and appropriateness of care reviews, utilization review activities; and (d) disclosure to consumer reporting agencies of information relating to collection of premiums or reimbursement.

 

  • Health Care Operations.  We may use your PHI for our health care operations.  Examples: (a) development of clinical guidelines; (b) contacting patients with information about treatment alternatives or communications in connection with case management or care coordination; (c) reviewing the qualifications of and training health care professionals; (d) underwriting and premium rating; (e) medical review, legal services, and auditing functions; and (f) general administrative activities such as customer service and data analysis.

 

Use or Disclosure Required By Law

 

§         Public Health Disclosures.  We may disclose your PHI for public health purposes.  Examples: (a) preventing or controlling disease or other injury; (b) public health surveillance or investigations; (c) reporting adverse events with respect to food or dietary supplements or product defects or problems to the Food and Drug Administration; (d) medical surveillance of the workplace or to evaluate whether the individual has a work related illness or injury in order to comply with Federal or state law; (e) disclosures regarding victims of abuse, neglect, or domestic violence including, reporting to social service or protective services agencies.

 

§         Health Oversight Activities.  We may disclose your PHI to governmental, licensing, auditing and accrediting agencies for health oversight activities.  Examples: audits, civil, administrative, or criminal investigations, inspections, licensure or disciplinary actions, or civil, administrative, or criminal proceedings or actions, or other activities necessary for appropriate oversight of government benefit programs.

 

§         To Avert a Serious Threat to Health or Safety.  We may use or disclose your PHI when necessary to prevent a serious threat to health or safety of a person.

 

§         Specialized Government Functions.  We may disclose your PHI to certain specialized government functions.  Examples:  (a) military and veteran’s activities; (b) national security and intelligence activities; (c) protective services of the President and others; (c) medical suitability determinations by entities that are components of the Department of State; (d) correctional institutions and other law enforcement custodial situations.

 

§         Law Enforcement.  We may release your PHI for law enforcement purposes.  Examples:  (a) to identify or locate a suspect, fugitive, material witness, or missing person; (b) to report crimes in emergencies; (c) to report a death; (d) for correctional institutions and other law enforcement custodial situations.

 

§         Legal Proceedings.  We may disclose your PHI to courts, attorneys and court employees when we get a court order, warrant, subpoena, discovery request, or other lawful process in the course of lawful, judicial or administrative proceedings. 

 

§         Coroners, Medical Examiners and Funeral Directors.  We may disclose your PHI to a coroner or medical examiner for the purpose of identifying a deceased person, determining the cause of death or other duties.  We may also disclose you PHI to funeral directors as necessary to carry out their duties. 

 

§         Organ, Eye and Tissue Donation.  If you a donor, we may release your PHI to procurement organization or banks for purposes of cadaveric donation of organs, eyes, or tissue. 

 

§         Workers’ Compensation.  We may disclose your PHI to covered entities that are government programs providing public benefits, and for workers’ compensation.

 

Use or Disclosure Requiring Your Authorization

 

§         Marketing.  We are not permitted to provide your PHI to any other person or company for marketing to you of any products or services.  We are also not permitted to receive payment in exchange for making such marketing communication to you.  However, if the communication describes your prescription drug or biologic, and the payment received is reasonable,: (a) we are permitted to send such communication to you with your authorization; and (b) our business associate may also send such communication to you on our behalf, provided that the communication is consistent with the written contract between us and our business associate.         

 

§         Sale of PHI.  We are not permitted to receive payments for the sale of your PHI.  However, there are exceptions when the purpose of the exchange is for: (a) public health activities; (b) research purposes (if the price charged reflects the cost of preparation and transmittal of the information); (c) your treatment; (d) health care operations related to the sale, merger or consolidation of OU-COM; (e) performance of services by a business associate on our behalf; (f) providing you with a copy of your PHI; or (g) other reasons determined necessary and appropriate by the Secretary of the U.S. Department of Health and Human Services (the “Secretary”).  

 

§         All Other Uses.  Except as otherwise permitted or required, as described in this Notice, we may not use or disclose your PHI without your written authorization.  Further, we are required to use of disclose your PHI consistent with the terms of your authorization.  You may revoke your authorization at any time, except to the extent that we have taken action in reliance on your authorization, or if you provided the authorization as a condition of obtaining insurance coverage, other law provides the insurer with the right to contest a claim under the policy.

 

Miscellaneous Activities, Notice
 

We may contact you to provide appointment reminders or information about treatment alternatives or other health-related benefits and services that may be available to you.  We may contact you regarding our fund-raising programs and events but you may opt out from such communication.

YOUR RIGHTS WITH RESPECT TO YOUR PHI

 

Right To Request Restrictions On Use Or Disclosure

You have the right to request restrictions on certain uses and disclosures of your PHI.  We may require written requests.  You may request restrictions on the following uses or disclosures:  (a) to carry out treatment, payment or healthcare operations functions of OU-COM; (b) disclosures to your family members, relatives, or close personal friends of PHI directly relevant to your care or payment related to your health care, location, general condition, or death; (c) instances in which you are not present or when your permission cannot practicably be obtained due to your incapacity or an emergency circumstance; (d) permitting other persons to act on your behalf to pick up filled prescriptions, medical supplies, X-rays, or other similar forms of PHI; or (e) disclosure to a public or private entity authorized by law or by its charter to assist in disaster relief efforts. 

We are not required to agree to any requested restriction, except for the health plan restriction request described below.  However, if we agree to a restriction, we are bound not to use or disclose your PHI in violation of such restriction, except in certain emergency situations.  

We are required to honor your request for restriction if the disclosure is to a health plan for purposes of carrying out treatment, payment or health care operations and the PHI relates solely to treatment or services for which the health care provider has been paid out-of-pocket and in full. 

You cannot request to restrict uses or disclosures that are otherwise required by law.

 

Right To Receive Confidential Communications

You have the right to receive confidential communications of your PHI.  You may request to receive such communications by alternative means or at alternative locations.  We may require written requests.  We may not require you to provide an explanation of the basis for your request as a condition of providing such communications to you.    

Right To Inspect And Copy Your PHI

 

We maintain your designated record set including medical records and billing records, enrollment, payment, claims adjudication, and case and medical management records.  You have the right of access to inspect and obtain a copy your PHI contained in your records, except for (a) psychotherapy notes, (b) information complied in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding, and (c) health information maintained by us to the extent to which the provision of access to you would be prohibited by law. 

We may require written requests for access.  We must provide you with access to your PHI in the form or format requested by you, if it is readily available, or, if not, in a readable hard copy form.  Alternatively, with your prior approval and for a fee, we may prepare a summary of the your PHI for you.  We will provide you with timely access, including arranging a convenient time and place for you to inspect or obtain copies of your PHI or mailing a copy to you at your request.  We will discuss the scope, format, and other aspects of your request for access as necessary to facilitate timely access.  We may charge a reasonable cost-based fee for preparation, copying and postage, as applicable.

We reserve the right to deny you access to and copies of certain PHI as permitted or required by law.  We will reasonably attempt to accommodate your request and, to the extent possible, provide you access to your PHI after excluding the information for which access has been denied.  Upon denial, we will provide you with a written denial specifying the basis for denial, a statement of your rights, and a description of how you may file a complaint with us.  If we do not have the information but know where it is maintained, we will inform you of where to direct your request for access.

Right To Amend Your PHI

 

You have the right to amend your PHI for as long as we maintain your designated record set.  We have the right to deny your request for amendment, if: (a) the information was not created by us, unless you can demonstrate to us that the originator of the information is no longer available to make the amendment; (b) the information is not part of your designated record set; (c) the information is prohibited from inspection by law; or (d) the information is accurate and complete. 

 

We may require that you submit written requests and provide a reason to support the requested amendment.  If we deny your request, we will provide you with a written denial stating the basis of the denial, your right to submit a written statement disagreeing with the denial, and a description of how you may file a complaint with us or the Secretary.  If you do not submit a statement of disagreement, you may ask that we include your request for amendment and the denial with any future disclosures of your PHI that you wanted changed.  Copies of all requests, denials, and statements of disagreement will be included in your designated record set. 

 

If we accept your request for amendment, we will inform and provide the amendment within a reasonable time to persons identified by you as having received your PHI prior to the amendment and persons that we know have the PHI that is the subject of the amendment and that may have relied, or could foreseeably rely, on such information to your detriment.  All requests for amendment shall be sent to: OU-COM Privacy Officer, 322 Grosvenor Hall, Athens, Ohio 45701.

 

Right To Receive An Accounting Of Disclosures Of Your PHI

 

You have the right to receive an accounting of the disclosures of your PHI that we have made.  However, we will not provide an accounting for disclosures made before April 14, 2003, or those made earlier than 6 years from the date of your request.  Your request for an accounting of disclosures must be in writing and include the time period of the disclosures.  We will provide you an accounting which will include the date of each disclosure, the name of the receiving organization and address if known, a brief description of the information disclosed, and a brief statement of the purpose of the disclosure or a copy of your written request for the information. 

 

We are not required to provide accountings of disclosures for the following purposes: (a) treatment, payment and healthcare operations, (b) disclosures pursuant to your authorization, (c) disclosures to you, (d) for a facility directory or to persons involved in your care, (e) for national security or intelligence purposes, (f) to correctional institutions, and (g) with respect to disclosures occurring prior to April 14, 2003.  We reserve the right to temporarily suspend your right to receive an accounting of disclosures to health oversight agencies or law enforcement officials, as required by law.  We will give you the first accounting within any 12-month period for free, but will charge a reasonable cost-based fee for all subsequent requests for accounting within that same 12-month period.  All requests for an accounting shall be sent to OU-COM Privacy Officer, 322 Grosvenor Hall, Athens, Ohio 45701.

 

If we use or maintain electronic health records (“EHR”) for your PHI, you have the right to receive an accounting of disclosures which includes all disclosures for purposes of payment, health care operations, or treatment over the past 3 years.  For EHRs acquired before January 1, 2009, the new accounting requirements apply to all disclosures for purposes of payment, health care operations, or treatment occurring on or after January 1, 2014.  If an EHR is acquired after January 1, 2009, however, the new accounting requirements apply to all such disclosures occurring on or after January 1, 2011.  However, the Secretary may delay the effective dates related to such requests to no later than 2016 and 2013 respectively.  You have the right to access your PHI contained in an EHR, and to direct us to send a copy of the EHR to a designated third party.  

 

Right To Receive Notifications of Data Breach

We are required to notify you upon a breach of any unsecured PHI.  PHI is “insecured” if it is not protected by a technology or methodology specified by the Secretary.  The notice must be made within 60 days from when we become aware of the breach.  The notice must include: (a) a brief description of the breach, including the date of breach and discovery; (b) a description of the types of unsecured PHI disclosed or misappropriated during the breach; (c) the steps you can take to protect your identity; (d) a description of our actions to investigate the breach and mitigate harm now and in the future; and (e) contact procedures (including a toll-free telephone number) for affected individuals to find additional information. 

We must notify you in writing by first class mail (unless you have opted for electronic communications with us).  However, if we have insufficient contact with you, an alternative notice method (posting on website, broadcast media, etc.) may be used. 

If a breach affects more than 500 individuals, we must immediately notify the Secretary after which the Secretary will post our name on its internet website.  Additionally, we may be required to publish a notice in a prominent media outlet in each state or jurisdiction where more than 500 individuals’ unsecured PHI has been breached.  For breaches involving less than 500 individuals, we may maintain a log of such breaches to submit annually to the Secretary.  Finally, we may give telephonic notice to you if we reasonably believe there is a possibility of imminent misuse of your unsecured PHI; however, such telephonic notice will not substitute for our written notice obligations.

COMPLAINTS

 

You may file a complaint with us and with the Secretary if you believe that your privacy rights have been violated.  You may submit your complaint in writing by mail or electronically to: OU-COM Privacy Officer, 322 Grosvenor Hall, Athens, Ohio 45701.  Your complaint must: (a) name the violating entity; (b) describe the violation; and (c) be received by us or filed with the Secretary within 180 days of when you knew the act occurred.  We will not retaliate against you for filing a complaint.

 

AMENDMENTS TO THIS PRIVACY POLICY

 

We reserve the right to change the terms of this Notice at any time and make the changes effective for all PHI we maintain, including PHI existing prior to the amendment date.  We will notify you of any changes to this Notice or laws affecting this Notice, by mail or electronically within 60 days of the effective date of such change.

 

ON-GOING ACCESS TO PRIVACY POLICY

 

We will provide you with a copy of the most recent version of this Notice at any time upon your written request to: OU-COM Privacy Officer, 322 Grosvenor Hall, Athens, Ohio 45701 or at the following website address: www.oucom.ohio.edu.  You may also contact our privacy officer for further information regarding the issues covered by this Notice.

 

103109771.5

  Ohio University
Heritage College of Osteopathic Medicine
Grosvenor Hall | Athens, Ohio 45701
Tel: 740-593-2500
Copyright Ohio University (Home)
Last updated: 05/03/2012