NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Section A: Who will Follow This Notice?
This notice applies to Missouri Delta Medical Center (hereafter referred to as ‘Provider’) Privacy Practicesand its affiliates including any workforce member authorized to create medical information referred to as Protected Health Information (PHI) which may be used for purposes such as treatment, payment, and healthcare operations. These workforce members may include:
- All departments and units of the Provider
- Any member of a volunteer group
- All employees, staff, and other Provider personnel
- Any entity providing services under the Provider’s direction and control will follow the terms of this notice. In addition, these entities, sites and locations may share medical information with each other for treatment, payment, or healthcare operational purposes described in this notice.
Section B: Protection of Protected Health Information
This notice applies to all of the records of your care at Missouri Delta Medical Center and will tell you about the ways in which we may use and disclose your medical information. This notice will also describe your rights and certain obligations Missouri Delta Medical Center has regarding the use and disclosure of medical information.
We understand that medical information about you and your health is personal. We are committed to protecting medical information about you. We create a record of the care and services you receive at the Provider. We need this record to provide you with quality care and to comply with certain legal requirements.
Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Missouri Delta Medical Center is required by law to keep protected health information (PHI) private. PHI is any health information that identifies you, including information such as your name, address, telephone number, and any information created by your healthcare providers for treatment, billing, or payment. Missouri Delta Medical Center is committed to the protection of your PHI and will make reasonable efforts to keep your PHI confidential as required by law. Missouri Delta Medical Center is also required to provide you with this notice of our privacy practices. We take this commitment seriously and will work with you to comply with your right to receive certain information under HIPAA.
The Privacy Rule requires a covered entity that maintains a web site providing information about the covered entity’s services or benefits to prominently post its notice of privacy practices on its web site. We may e-mail our notice of privacy practices to an individual if the individual agrees to receive an electronic notice of privacy practices (although the individual always retains the right to receive a paper copy of the notice of privacy practices upon request). We will make the latest notice (i.e., the one that reflects any changes in privacy policies) available at our office or facility for individuals to request to take with them, and post it in a clear and prominent location at the facility.
Section C: Standard Use and Disclosure of Your Medical Information
Missouri Delta Medical Center and physicians with staff privileges may use your medical information to provide you with medical treatment and services, to receive payment for those services, and in daily health care operation in the following ways without your permission:
Treatment: Missouri Delta Medical Center may disclose your medical information to those involved in your treatment on an as-needed basis. For Example: Information taken by a nurse, physician or other member of your health care team will be documented in your record and used to decide the course of treatment that should work best for you. Your physician will document in your record his or her expectations of the members of your health care team. Members of your health care team will then record the actions they took and their observations. In that way, the physician will know how you are responding to treatment. We will also provide your physician or a following health care provider with copies of various reports that should help him or her in treating you once you are discharged from this hospital.
Payment: Missouri Delta may be required to use or disclose your medical information for payment or billing purposes. For Example: A bill may be sent to you or a third-party payer such as Medicare, Medicaid, your insurance company, workman’s compensation, etc. The information on or accompanying the bill may include information that identifies you, as well as your diagnosis, procedures, and supplies used. We may also tell your health plan about a treatment you are going to receive to obtain prior approval or to determine whether your plan will cover the treatment. We may release medical information about you to someone who helps pay for your care, unless you object and ask us not to provide this information to specific individuals, in writing.
Health Care Operations: Missouri Delta Medical Center may also use and disclose your medical information in our everyday health care operations. For Example: Members of the Medical Staff, the Risk or Quality Management Director, or members of the quality improvement team may use information in your health record to assess the care and outcomes in your case and others like it. This information will then be used in an effort to continually improve the quality and effectiveness of the health care and service we provide. Also, the state, JCAHO, and auditors may see your information in the course of a survey for accreditation, licensure, or audit of financial records. We may also remove information that identifies you from your medical record so others may use it to study health care and health care delivery without learning a patient’s identity.
Business Associates: There are some services provided in our organization through contacts with business associates. Examples include services in the radiology and laboratory departments. When these services are contracted, we may release your health information to our business associate so that they can perform the job we’ve asked them to do and bill you or your third-party payer for services provided. To protect your health information, however, we require the business associate to appropriately safeguard your information.
Communication Barriers: We may use and disclose your health information if we are unable to obtain your consent because of substantial communication barriers, and we believe you would want us to treat you if we could communicate with you.
Section D: Standard Uses or Disclosures of Your Medical Information to Which You May Object
Unless you object in writing to the Privacy Officer at Missouri Delta Medical Center, MDMC will also use or disclose your health information for purposes described in this section. Refer to the “Contacting Missouri Delta Medical Center” section at the end of this notice.
Hospital Directory: We may include certain limited information about you in the Facility Directory while you are a patient of the Provider. This information may include your name, location in the Provider, your general condition (e.g., fair, stable, etc.) and your religious affiliation. The Provider Directory information, except for your religious affiliation, may also be released to people who ask for you by name. Your religious affiliation may be given to a member of the clergy, such as a priest or rabbi, even if they do not ask for you by name. This is so your family, friends, and clergy can visit you in the Provider and generally know how you are doing. You may opt out of this Directory by providing a written request at the time of admission or registration.
Notification/Emergencies: In an emergency, health care professionals, using their best judgment, may release your medical information to a family member, relative, friend, or any other person you identify, that pertains to their involvement in your care or payment related to your care. If this happens, we will try to obtain your consent as soon as we reasonably can after we treat you.
Disaster Relief: We may use or release health information to a public or private party authorized by law or by its charter to assist in disaster relief efforts, for the purpose of coordinating the uses of releases described in Notification above. Privacy requirements apply to the extent that we may use professional judgment to determine they do not interfere with the ability to respond to the emergency circumstances.
Federal law makes provisions for your health information to be released to an appropriate health oversight agency, public health authority, or attorney, provided that a work force member or business associate believes in good faith that we have engaged in unlawful conduct or have otherwise violated professional or clinical standards and are potentially endangering one or more patients, workers or the public.
Health Information Exchange (HIE): We may make your protected health information available electronically through a secure health information exchange service to facilitate the exchange of your health information between and among other healthcare providers or other health care entities for your treatment, payment, or other healthcare operations purposes. This means we may share information we obtain or create about you with outside entities (such as hospitals, physician offices, pharmacies, or insurance companies) or we may receive information they create or obtain about you (such as medication history, medical history, or other information) so each of us can provide better treatment and coordination of your healthcare services. You have the right to opt-out of participation in the Health Information Exchange.
Fundraising: If we intend to use your medical information for fundraising purposes, we will inform you of such intent and that you have a right to opt out of receiving fundraising communications. We may use information about you to contact you in an effort to raise money for the Provider and its operations. We may disclose information to a foundation related to the Provider so that the foundation may contact you in raising money for the Provider. We would only release contact information such as your name, address, and phone number and the dates you received treatment or services at the Provider. If you do not want the Provider to contact you for fundraising efforts, you must notify us in writing. You will be given the opportunity to ‘opt-out’ of these communications.
Section E: Uses and Disclosures of Your PHI that Does Not Require Your Consent
Missouri Delta may also share your medical information without your permission for the following reasons:
Public Health activities/Food and Drug Administration:We may disclose medical information about you for public health activities. These activities generally include the following:
- To prevent or control disease, injury or disability
- To report births and deaths
- To report child abuse or neglect
- To report reactions to medications or problems with products
- To notify people of recalls of products they may be using
- To notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition
- To notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect, or domestic violence. We will only make this disclosure if you agree or when required or authorized by law
Government Authorities/As Required By Law/Law Enforcement/Administrative Proceedings: We will disclose medical information about you as required by federal, state, or local law about persons who may be victims of abuse, neglect, or other crime. Information may be released if asked to do so by a law enforcement official:
- In response to a court order, subpoena, warrant, summons, or similar process;
- To identify or locate a suspect, fugitive, material witness, or missing person;
- About the victim of a crime if, under certain limited circumstances, we are unable to obtain the person’s agreement;
- About a death we believe may be the result of criminal conduct;
- About criminal conduct at the Provider; and
- In emergency circumstances, to report a crime; the location of the crime or victims; or the identity, description or location of the person who committed the crime.
Lawsuits and Disputes: If you are involved in a lawsuit or a dispute, we may disclose medical information about you in response to a court or administrative order. We may also disclose medical information about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.
Prison Inmates: Information can be released to the correctional facility in which the inmate resides for the following purposes: 1) for the correctional facility to provide the inmate with healthcare; 2) to protect the health and safety of the inmate or the health and safety of others; or 3) for the safety and security of the correctional facility.
Special Government Circumstances: Your medical information may be released for circumstances involving military or veterans activities; national security and intelligence activities; protective services for the President; medical suitability determinations; law enforcement custodial situations; and government programs providing public benefits
Health Oversight Activities: We may disclose medical information to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, and licensure. These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.
Workman’s Compensation: Disclosing information necessary to comply with Workers Compensation laws or purposes.
Coroner, Medical Examiner, Funeral Director: We may release medical information to a coroner of medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also release medical information about patients of the Provider to funeral directors as necessary to carry out their duties.
Organ and Tissue Donation: Consistent with applicable law, we will release health information to organ procurement organizations or other entities involved in the procurement, banking or transplantation of organs for the purpose of tissue donation and transplant.
Prevention of an Immediate Health and Safety Threat: We may use and disclose medical information about you when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person. Any disclosure, however, would only be to someone able to help prevent the threat.
Research: Under certain circumstances, we may disclose medical information about you related to a research project when a waiver of authorization has been approved by the Investigational Research Body (IRB). All research projects are subject to a special approval process. This process evaluates a proposed research project and its use of medical information, trying to balance the research needs with patients’ need for privacy of their medical information. Before we use or disclose medical information for research, the project will have been approved through this research approval process, but we may, however, disclose medical information about you to people preparing to conduct a research project, for example, to help them look for patients with specific medical needs, so long as the medical information they review does not leave the Provider. A research project may involve comparing the health and recovery of all patients who received one medication to those who received another, for the same condition. We will almost always generally ask for your specific permission if the researcher will have access to your name, address, or other information that reveals who you are, or will be involved in your care at the Provider.
Section F: Additional Information That May Be Shared With You about Products/Services That Relate To Your Treatment without an Authorization
Appointment Reminders: We may use and disclose medical information to contact you as a reminder that you have an appointment for treatment or medical care at the Provider. We may also provide prescription refill reminders.
Treatment Alternatives: We may use and disclose medical information to tell you about or recommend possible treatment options or alternatives that may be of interest to you.
Health & Related Benefits and Services: We may use and disclose medical information to tell you about health & related benefits or services that may be of interest to you.
Section G: Uses and Disclosures That Require Your Consent
We will not use your protected health information for any purposes not specifically allowed by Federal or State laws or regulations without your written authorization; specifically the following types of uses and disclosures of your medical information require an authorization:
Psychotherapy Notes: We must have your written permission before we can release medical information contained within psychotherapy notes.
Marketing: We must have your written permission before we can accept payment for the use and disclosure of your PHI for marketing purposes.
Sale of PHI: We cannot sell your PHI without your written permission, except we may be paid our costs (i.e. labor, supplies, postage) to provide PHI to public health/other purposes permitted by HIPAA.
Immunizations: We will comply with requests received for proof of immunizations from schools as required by Missouri law to have such proof prior to admitting the individual. Verbal authorization is required.
E-mail Use: E-mail will only be used for communications with you following this organization’s current policies and practices and with your permission. The e use of secured, encrypted e-mail is encouraged.
An authorization may be revoked prospectively at any time by written revocation.
Section H: You’re Rights
Request a Restriction: You may request a restriction on the protected health information that Missouri Delta Medical Center uses or discloses about you for payment, treatment or health care operations. We require that any requests for use or disclosure of medical information be made in writing. In some cases we are not required to agree to these requests, however if we agree to them we will abide by these restrictions. We will always notify you of our decisions regarding restriction requests in writing.
You have the right to request, in writing, a limit on disclosures of your PHI to family members or friends who are involved in your care or the payment for your care. For example, you could ask that we not use or disclose information about a surgery you had. In your request, you must tell us what information you want to limit, whether you want to limit our use, disclosure, or both, and to whom you want the limits to apply, for example, disclosures to your spouse.
If you pay in full for a health care item or service out-of-pocket you may request that Missouri Delta Medical Center not disclose PHI about that health care item/service to your health plan. In this instance, Missouri Delta Medical Center will not disclose PHI about that service to the health plan unless we are required to do so by law. It is your responsibility to alert Missouri Delta Medical Center if this is your intention before the health care item or service is performed so that written authorization can be obtained and full payment can be collected at that time.
Request Confidential Communication: You may request to receive your PHI by alternative means or at an alternative location if you reasonably believe that other disclosure could pose a danger to you. For Example: You may only want to have PHI sent by mail or to an address other than your home. While we are not required to agree to all requests, Missouri Delta Medical Center will accommodate all reasonable requests for confidential communications. Your request must specify how or where you wish to be contacted.
Request Access: You have the right to access, inspect, and obtain a copy of the medical information that may be used to make decisions about your care, with a few exceptions. Usually, this includes medical and billing records, but may not include psychotherapy notes. We may deny your request to inspect or obtain a copy of your medical information in certain limited circumstances. If you are denied access to medical information, in some cases, you may request that the denial be reviewed. Another licensed health care professional chosen by the Provider will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review.
Request an Amendment: You have the right to request an amendment of your PHI held by Missouri Delta Medical Center if you believe that information is incorrect or incomplete. Your request must be in writing and sent to the Privacy Officer using the “Contacting Missouri Delta Medical Center” section of this notice and must give a reason(s) in support of the proposed amendment. You have the right to request an amendment for as long as the information is kept by or for the Provider. In certain cases, Missouri Delta Medical Center may deny your request for an amendment if it is not in writing or does not include a reason to support the request, In addition a request for amendment may be denied if you ask to amend information that:
- Was not created by us, unless the person or entity that created the information is no longer available to make the amendment;
- Is not part of the medical information kept by or for the Provider;
- Is not part of the information which you would be permitted to inspect and copy; or
- Is accurate and complete.
Request for an Accounting of Disclosures: You have the right to request an Accounting of Disclosures. This is a list of disclosures we made of medical information about you. Your request must state a time period which may not be longer than six years and may not include dates before April 14, 2003. Your request should indicate in what form you want the list (for example, on paper or electronically, if available).
To be Notified of a Breach: We are required to notify you under the HIPAA rules by first class mail or by e-mail (if we offered and you have indicated a preference to receive information by e-mail), of any breaches of unsecured PHI as soon as possible, but in any event, no later than 60 days following the discovery. “Unsecured Protected Health Information” is information that is not secured through the use of a technology or methodology identified by the Secretary of the U.S. Department of Health and Human Services to render the Protected Health Information unusable, unreadable, and undecipherable to unauthorized users.
Missouri State Breach- Section 407.1500 may also require breach notification of individuals. This organization will notify you as soon as possible of discovered breaches of unsecured protected or personal information consistent with the rules that apply to that breach.
Notification of a breach is required to include the following information:
- A brief description of the breach, including the date of the breach and the date of its discovery, if known;
- A description of the type of Unsecured Protected Health Information involved in the breach;
- Steps you should take to protect yourself from potential harm resulting from the breach;
- A brief description of actions we are taking to investigate the breach, mitigate losses, and protect against further breaches;
- Contact information, including a toll-free telephone number, e-mail address, web site or postal address to permit you to ask questions or obtain additional information.
In the event the breach involves 10 or more patients whose contact information is out of date we will post a notice of the breach on the home page of our web site or in a major print or broadcast media. If the breach involves more than 500 patients in the state or jurisdiction, we will send notices to prominent media outlets. If the breach involves more than 500 patients, we are required to immediately notify the Secretary of HHS. We are also required to submit an annual report to the Secretary of a breach that involved less than 500 patients. We will report breaches of over 1000 patients to credit monitoring agencies as required by FIPA.
Right to a Paper Copy of This Notice: You have the right to a paper copy of this notice. You may ask us to give you a copy of this notice at any time. Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice. You may obtain a copy of this notice at our website. http://www.missouridelta.com
Section I: Changes to This Notice
Missouri Delta Medical Center has the right to change this notice. Changes may be effective for any current health information about you and any information that may be obtained in the future. Changes to this notice will also be effective for all health information Missouri Delta maintains about you. The most recent copy of this notice will be available anywhere you register for services. You can also contact the Missouri Delta Privacy Officer to obtain the most recent copy of this notice.
Section J: Complaints
Missouri Delta Medical Center takes the privacy and security of your protected health information very seriously. If you believe that your privacy rights have been violated, please contact Missouri Delta Privacy Officer so we may investigate and try to correct the problem. You also have the right to file a complaint with the Department of Health and Human Services. http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html. Missouri Delta Medical Center will not treat you differently or prevent you from receiving care if you decide to report a complaint.
Section K: Organized Healthcare Arrangement (OHCA)
The Provider, the independent contractor members of its Medical Staff (including your physician), and other healthcare providers affiliated with the Provider have agreed, as permitted by law, to share your health information among themselves for purposes of treatment, payment or healthcare operations, enabling us to better address your healthcare needs. Providers participating in an Organized Healthcare Arrangement may share the same Notice of Privacy Practices.
Section L: Contacting Missouri Delta Medical Center Privacy Officer
Missouri Delta Privacy Officer can be reached by phone, email or mail.
Phone: (573)472-7628 or (573)472-7630
Missouri Delta Medical Center Privacy Officer
1008 N. Main St.
Sikeston, Missouri 63801
You can request a paper copy of this notice by contacting Missouri Delta’s Privacy Officer or from the area where you received your services.
Rev. 04/2013, 08/2014, 03/2015, 4/7/2017