Notice of Privacy Practices for Protected Health Information
Effective April 14, 2003
As Amended by HITECH ACT Provisions Effective February 17, 2010
As Amended by HITECH ACT Final Rule Effective March 26, 2013
This Notice of Privacy Practices applies to IJKG Opco, LLC, HUMC Opco LLC, Hudson Hospital Opco, LLC, and other affiliated entities listed at the bottom of this Notice* that have identified themselves as an Organized Health Care Arrangement (“OHCA”) for purposes of federal privacy requirements. The organizations participating in this Organized Health Care Arrangement may use and disclose your health information with each other as necessary for treatment, to obtain payment for treatment, for administrative purposes, to evaluate the quality of care that you receive, and any other joint health care operations of the OHCA.
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
If you have any questions about this notice, please call the Organized Health Care Arrangement Privacy Officer:
Bayonne Medical Center
Hoboken University Medical Center
CarePoint Health Medical Group
CarePoint Health Plan
McCabe Ambulance Service Inc.
OUR PLEDGE REGARDING MEDICAL INFORMATION
We understand that medical information about you and your health is personal. With this understanding, please be assured that the OHCA entities are committed to protecting the privacy of your medical information (also known as “protected health information” or “PHI”) and all of your privacy rights.
The information concerning your care and treatment at an OHCA affiliate is found in your medical record. We need this record to provide you with quality care and to comply with certain legal requirements.
This Notice applies to all of the records of your care generated by an OHCA affiliate, whether made by Medical Center personnel or your personal doctor.
Your personal doctor may have different policies or notices regarding the doctor’s use and disclosure of your medical information created in the doctor’s office or clinic.
This Notice will tell you about the ways in which we may use and disclose medical information about you. We also describe your rights and certain obligations we have regarding the use and disclosure of medical information.
We are required by law to:
- make sure that medical information that identifies you is kept private and disclose such information only in a manner as permitted by law;
- give you this Notice of our legal duties and privacy practices with respect to medical information about you,
- and follow the terms of the Notice that are currently in effect.
WAYS IN WHICH WE MAY USE AND DISCLOSE YOUR PROTECTED HEALTH INFORMATION
We will use and disclose your protected health information to provide, coordinate, or manage your health care and any related services. We will also disclose your health information to other providers who may be treating you. Additionally we may from time to time disclose your health information to another provider who has been requested to be involved in your care. This does not apply to any psychotherapy notes created or maintained by us, release of which requires your specific authorization.
We will use and disclose your protected health information to obtain payment for the health care services we provide you. For example—we may include information with a bill to a third-party payer that identifies you, your diagnosis, procedures performed, and supplies used in rendering the service. However, you may prevent us from doing so by following procedures specified under “Request Restrictions”, below.
Health Care Operations
We will use and disclose your protected health information to support the business activities of any of the OHCA entities. For example—we may use medical information about you to review and evaluate our treatment and services or to evaluate our staff’s performance while caring for you. In addition, we may disclose your health information to third party business associates who perform billing, consulting, or transcription, or other services for our facility. Our agreements with them require that they protect your information in accordance with HIPAA law and industry standards.
OTHER WAYS WE MAY USE AND DISCLOSE YOUR PROTECTED HEALTH INFORMATION
We may contact you by phone, mail or e-mail to remind you of an appointment at our facility. We will only leave the name of the hospital and the time of the appointment, and will honor your request if you do not wish to be contacted.
We may use and disclose your protected health information to researchers, provided the research has been approved by an institutional review board or privacy board that has reviewed the research proposal and established protocols to ensure the privacy of your health information.
Lawsuits and Disputes
If you are involved in a lawsuit or a dispute, we may disclose medical information about you in response to a court or administrative order. We may also disclose medical information about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if the party seeking the information has provided us with satisfactory assurance that you have been given notice of the request and that the party seeking the information has received a protective order to protect the information requested.
We may release medical information if asked to do so by a law enforcement official:
- in response to a court order, subpoena, warrant, summons or similar process
- to identify or locate a suspect, fugitive, material witness, or missing person
- in cooperation with legitimate state or Federal investigations such as fraud, or activities including national security, intelligence and protective services
- about the victim of a crime if, under certain limited circumstances, we are unable to obtain the person’s agreement
- about a death we believe may be the result of criminal conduct
- about criminal conduct at the Medical Center
- in emergency circumstances to report a crime; the location of the crime or victims; or the identity, description or location of the person who committed the crime
Coroners, Medical Examiners and Funeral Directors
We may release medical information to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also release medical information about patients we have treated to funeral directors as necessary to perform their duties.
To Avert a Serious Threat to Public Health or Safety
We will use and disclose your protected health information to public health authorities permitted or required to collect or receive the information for the purpose of controlling disease, injury, or disability. If directed by that health authority, we will also disclose your health information to a foreign government agency that is collaborating with the public health authority.
We may use and disclose your protected health information for worker’s compensation or similar programs that provide benefits for work-related injuries or illness.
Organ and Tissue Donation
We may use and disclose information about you to facilitate organ or tissue donation or procurement.
We will use and disclose your protected health information to a correctional institution or law enforcement official only if you are an inmate of that correctional institution or under the custody of the law enforcement official. This information would be necessary for the institution to provide you with health care; to protect the health and safety of others; or for the safety and security of the correctional institution.
Medical Center Directories
We may include limited information about you in Medical Center directories while you are an admitted patient at Bayonne Medical Center, Hoboken University Medical Center, or Christ Hospital, including specialty psychiatric or transitional care units. This information may include your name, location in the respective Medical Center, your general condition (e.g., fair, stable, etc.) and your religious affiliation. The directory information, except for your religious affiliation, may also be released to people who ask for you by name. Your directory information including religious affiliation may be given to a member of the clergy, such as a priest or rabbi, based on your stated religious affiliation, even if they don’t ask for you by name. This is so your family, friends and clergy can visit you in the Medical Center and so they will generally know how you are doing. You have the right to opt out of the directory, or request other restrictions on this information. (See the section Request Restrictions.)
Others Involved in Your Care
We may provide relevant portions of your Protected Health Information (PHI) to a family member, a relative, a close friend, or any other person you identify as being involved in your medical care or payment for care. In an emergency or when you are not capable of agreeing or objecting to these disclosures, we will disclose PHI as we determine is in your best interest, but will tell you about it after the emergency, and give you the opportunity to object to future disclosures to family and friends.
For Health Information Exchange
We may participate in one or more health information exchanges (HIEs) and may electronically share your health information for treatment, payment and healthcare operations purposes with other participants in the HIEs, unless you specifically request to be excluded (“opt-out”). HIEs allow your health care providers to efficiently access and use your pertinent medical information necessary for treatment and other lawful purposes. HIE’s are accountable under HIPAA, and our Agreement with them requires that they provide the same safeguards on your information as we do.
We may contact you as part of our marketing activities, as permitted by law. This may include sending information to you about recommended treatments or related alternatives, or to inform you about health-related products and services that may be relevant to your care. We will not sell your PHI, or engage in marketing other than described above, without your specific authorization as defined below.
USES OR DISCLOSURES NOT COVERED BY THIS NOTICE
Uses or disclosures of your health information not covered by this notice or the laws that apply to us may only be made with your written authorization. You may revoke such authorization in writing at any time and we will no longer disclose health information about you for the reasons stated in your written authorization. Disclosures made in reliance on the authorization prior to the revocation are not affected by the revocation.
Under HITECH, any of our OHCA entities are required to notify patients whose PHI has been breached. Notification must occur in a timely manner but no more than 60 days from the date of discovery. A breach occurs when an unauthorized use or disclosure that compromises the privacy or security of PHI cannot be reasonably assessed by us to present a low risk for financial, reputational or other type of harm to the individual, based on the type of disclosure, the nature of the information and the recipient, and mitigation of possible harm. The notice must:
- Contain a summary of what occurred, including the date of the breach and the date of discovery;
- The actions the individual should take to protect themselves from potential harm resulting from the breach;
- A short description of what the OHCA entity is doing to investigate the breach, mitigate losses and to protect against future breaches.
Our Agreements with any Business Associates with whom we share your PHI require them to provide all security safeguards in accordance with HIPAA and HITECH Privacy and Security laws. They may also be held individually liable for any Privacy or Security breaches that occur.
PATIENT RIGHTS RELATED TO PROTECTED HEALTH INFORMATION
Although your health record is the physical property of the facility that compiled it, the information belongs to you. You have the right to:
Request an Amendment
- You have the right to request that we amend your medical information if you feel that it is incomplete or inaccurate. You must make this request in writing to our Privacy Officer, stating what information is incomplete or inaccurate and the reasoning that supports your request.
We are permitted to deny your request if it is not in writing or does not include a reason to support the request. We may also deny your request if:
- the information was not created by us, or the person who created it is no longer available to make the amendment.
- the information is not part of the record which you are permitted to inspect and copy.
- the information is not part of the designated record set kept by this facility or if it is the opinion of the health care provider that the information is accurate and complete.
- You have the right to request a restriction of how we use or disclose your medical information for treatment, payment, or health care operations. For example — you could request that we not disclose information about a prior treatment to a family member or friend who may be involved in your care or payment for care. Your request must be made in writing to the Director of Health Information Management.
- We are not required to agree to your request if we feel it is in your best interest to use or disclose that information, or if it requires more than the reasonable accommodation we are able to provide. If we do agree, we will comply with your request except for emergency treatment.
- You have the right to request that the information regarding services you receive not be disclosed to any third party and that no claim be submitted for payment to a third party payer. However, you must pay all charges in full and in advance for services and supplies you are reasonably expected to receive.
Inspect and Copy
You have the right to inspect and copy the protected health information that we maintain about you in our designated record set for as long as we maintain that information. This designated record set includes your medical and billing records, as well as any other records we use for making decisions about you. Any psychotherapy notes that may have been included in records we received about you are not available for your inspection or copying, by law. Upon your request, we will provide the information in your preferred electronic format, if we maintain it or can readily produce it as such, and you may have us transmit the electronic record to you or a third party via e-mail or secure internet portal. When such an electronic transfer occurs, the hospital can only charge for the labor involved. For paper records, we may charge you a fee for the costs of searching, copying, and mailing used in fulfilling your request. If you wish to inspect or copy your medical information, you must submit your request in writing to our Privacy Officer: Attention: OHCA Privacy Officer or you may mail your request or bring it to the Health Information Management office at the specific Medical Center. We will have 30 days to respond to your request for information that we maintain at our facility. If the information is stored off-site, we are allowed up to 60 days to respond but must inform you of this delay.
An Accounting of Disclosures
You have the right to request a list of the disclosures of your health information we have made outside of facility that were not for treatment, payment, or health care operations. Your request must be in writing and must state the time period for the requested information. You may not request information for any dates prior to April 14, 2003, nor for a period of time greater than six years (our legal obligation to retain information).
Your first request for a list of disclosures within a 12-month period will be free. If you request an additional list within 12-months of the first request, we may charge you a fee for the costs of providing the subsequent list. We will notify you of such costs and afford you the opportunity to withdraw your request before any costs are incurred.
Request Confidential Communications
You have the right to request how we communicate with you to preserve your privacy. For example—you may request that we call you only at your work number, or by mail at a special address or postal box. Your request must be made in writing and must specify how or where we are to contact you. We will accommodate all reasonable requests.
File a Complaint
If you believe we have violated your medical information privacy rights, you have the right to file a complaint with our facility or directly to the Secretary of the United State Department of Health and Human Services: U.S. Department of Health & Human Services, 200 Independence Avenue, S.W., Washington, D.C. 20201. Phone: 202-619-0257 Toll Free.
To file a complaint with our facility or OHCA-affiliated entity, you must make it in writing within 180 days of the suspected violation. Provide as much detail as you can about the suspected violation and send it to our OHCA Privacy Officer. No retaliation of any kind will be taken against an individual as a result of a complaint being filed.
A Paper Copy of This Notice
You have the right to receive a paper copy of this notice upon request.
CHANGES TO THIS NOTICE
We have the right to change this notice. We reserve the right to make the revised or changed notice effective for medical information we already have about you as well as any information we receive in the future. We will post a copy of the current notice at each Medical Center’s website. Any changes to the notice will be posted promptly on the websites.
ORGANIZATIONS COVERED BY JOINT NOTICE
This Joint Notice describes the privacy practices of entities listed below, including their respective divisions, programs, departments, units and medical staff physicians (to the extent applicable):
- IJKG Opco LLC d/b/a CarePoint Health — Bayonne Medical Center, also known as Bayonne Hospital Center
- HUMC Opco LLC d/b/a CarePoint Health — Hoboken University Medical Center
- Hudson Hospital Opco LLC d/b/a CarePoint Health — Christ Hospital
- CarePoint Insurance Company d/b/a CarePoint Health Plans
- CarePoint Health Research Institute, LLC
- CarPoint Health Medical Group, LLC
- Garden State Healthcare Associates, LLC
- McCabe Ambulance Service Inc.
- CarePoint Health Foundation, Inc.
These separate legal entities may share protected health information with each other as necessary to carry out treatment, payment or health care operations relating to the organized health care arrangement unless otherwise limited by law, rule or regulation. Unless we provide you with a different Notice of Privacy Practices and except as provided above, this Notice of Privacy Practices will apply to all entities that we may purchase or affiliate with in the future.