Notice of Privacy Practices Geisinger*
Notice of Privacy Practices
Geisinger* Notice of Privacy Practices ("Notice")
Effective date March 1, 2016
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Review it carefully.
We are required by law to maintain the privacy of Protected Health Information (PHI), to provide individuals with notice of the legal duties and privacy practices of the covered entities of Geisinger with respect to PHI and to notify affected individuals following a breach of unsecured PHI.
If you have any questions about this Notice, you may ask a member of the staff where you receive health care services. You may also contact our privacy officer at 570-271-7360. You may obtain our most current Notice by calling or writing to our privacy officer to request that a copy be sent to you in the mail or by asking for it when you come in for an appointment. The address for our privacy officer is provided at the end of this Notice.
Uses and disclosures we are permitted or required to make
The following is a description of the types of uses and disclosures of your PHI that we are permitted or required to make. Not every use or disclosure possible is listed, but all of the ways that we are permitted to use and disclose your PHI will fall within one of these general categories.
We will use and disclose your PHI to provide your health care and any related services. This includes disclosure of your PHI to doctors, hospitals, pharmacies and other third parties who are involved in your care. For example, we will disclose your PHI to another physician to whom you have been referred, to the physician who referred you to us or to a home health agency that will be caring for you. We will use your PHI during continuum of care rounds which may include, without limitation, physicians, nurses, care managers, social workers, pharmacists, physical therapists, spiritual care workers and nutrition staff who are involved in your care. We may call your name in our waiting room when your doctor or other provider is ready to see you.
We will use and disclose your PHI so that we may bill for health care services and so that payment may be collected for the health care services you receive. This includes activities such as communicating your PHI to an insurance company.
Health care operations
We will use and disclose your PHI as necessary for health care operations. For instance, our providers may serve the region by participating in medical education programs. We may disclose your PHI to the students and faculty of such programs. We may use your information to evaluate the performance of our staff and for training and education purposes.
Additional rights under Pennsylvania Law
Pennsylvania law may further limit our uses and disclosures in the case of your PHI. This includes HIV-related records, records of alcohol or substance abuse treatment and mental health records. If Pennsylvania law applies to your PHI, we will use and disclose your PHI in compliance with these more restrictive laws.
Keystone Health Information Exchange ("KeyHIE")
If you choose to participate in the Keystone Health Information Exchange and sign an authorization, we will take steps to allow the disclosure of your PHI to KeyHIE.
KeyHIE is a certified health information organization participating in the Pennsylvania Patient & Provider Network ("P3N") which will enable the secure exchange of health information to improve health care delivery and health care outcomes. P3N was established by Pennsylvania law (Act 121) and is part of a federal initiative to electronically share health information. The Pennsylvania eHealth Partnership Authority (the "Authority") has been charged with building the Pennsylvania network. The Authority is responsible for maintaining the P3N Opt-Out Registry. The opt-out form is online at paehealth.org.
Additional rights under New Jersey Law
New Jersey law may further limit our uses and disclosures in the case of your PHI. This includes AIDS/HIV-related information, venereal disease information, genetic information, tuberculosis information, mental health information, certain drug and alcohol treatment information and certain information related to the emancipated treatment of a minor (e.g., where the minor seeks emancipated treatment for pregnancy or treatment related to minor's child or a sexually transmitted disease). If New Jersey law applies to your PHI, we will use and disclose your PHI in compliance with these more restrictive laws and will obtain your specific authorization before using or disclosing these types of information where we are required to do so by such applicable New Jersey or federal laws.
New Jersey Health Information Exchanges
AtlantiCare and other health care providers participate in Health Information Exchanges ("HIEs"), including the AtlantiCare HIE, which allow patient information to be shared electronically through a secured connected network. We may use or disclose your PHI in connection with the AtlantiCare HIE, or another HIE that we may participate in, for your treatment, to ascertain whether you have health insurance and what it may cover, and to evaluate and improve the quality of medical care provided to all of our patients. Other health care providers and health plans may also have access to your information in the HIE for similar treatment, payment and health care operations purposes to the extent permitted by law. You have the right to "opt out" or decline to participate in the HIEs. If you have not opted out of the HIE, your PHI will be available through the HIE to participating health care providers and health plans in accordance with this Notice of Privacy and the law.
Right to opt out of HIEs:
With regard to HIEs, if you do not wish to allow otherwise authorized doctors, nurses and other clinicians involved in your care to electronically share your PHI with each other through HIEs as set forth in this Joint Notice, you can complete, and sign and submit the AtlantiCare HIE Opt-Out form to your provider, or by fax or mail as instructed on that form, and we will honor any opt-out selection that you make. The AtlantiCare HIE Opt-Out form can be obtained directly from any AtlantiCare HIE-participating provider, or you can download the form from atlanticare.org/index.php/related-information/health-information-exchange or call 888-569-1000. If you opt out of the AtlantiCare HIE, your PHI will continue to be accessed and released, electronically or otherwise, as needed to provide treatment to you, but will not be made available for such purpose through the AtlantiCare HIE.
We may call you on the telephone to remind you of an upcoming appointment. We may leave you a message that includes the date, time and general information about an upcoming appointment on your telephone answering device. We may send you an appointment reminder in the mail.
We may hold reunions for various patient groups to celebrate their success in treatment. If you are or were part of such a patient group, we may use your PHI to invite you.
Treatment alternatives/other health-related benefits and services
We may use or disclose your PHI to contact you to provide you with information about treatment alternatives or other health-related benefits and services that may be of interest to you.
We may use or disclose certain information for the purposes of fundraising for Geisinger Foundation entities. The money raised will be used to expand and improve the services and programs we provide to the community. You are free to opt out of solicitation at any time and your decision will have no impact on your treatment or payment for services.
Unless you tell us not to, we will include certain information about you in the hospital directory if you are admitted to one of our hospitals. This information may include your name, your location in the hospital, your general condition, your religious affiliation and whether you wish to have our spiritual care chaplains visit you.
This information may also be disclosed to people who ask for you by name such as your relatives, friends and the media. Your religious affiliation may be given to community clergy even if they don't ask for you by name.
Spiritual care staff
Our doctors and other health care providers work with our spiritual care chaplains as part of the treatment team at our hospitals, unless you tell us that you do not want our spiritual care chaplains to be involved. Unless you tell us otherwise, spiritual care chaplains may call on you during your hospital stay.
Individuals involved in your care
We may disclose your PHI to those people who are involved in your care, such as family members and friends.
As required by law or legal process
We will disclose your PHI when we are required to do so by local, state or federal law or process of law.
To avert a serious threat to health or safety
We may use or disclose your PHI for reasons which include preventing a serious threat to your health and safety, or the health and safety of others.
Cadaveric organ, eye and tissue donation
We may disclose the PHI of organ donors to organizations that assist with such donations.
Specialized government functions
We may use or disclose your PHI for specialized government functions such as military, national security and presidential protective services.
We may disclose your PHI for purposes of handling your workers' compensation claims in compliance with applicable laws, rules and regulations.
Public health activities
We may disclose your PHI to public health entities as authorized by law. Such disclosures include (but are not limited to) reports of births and deaths, child or elder abuse and neglect, and domestic violence.
Health oversight activities
We may disclose your PHI to agencies of the government for activities authorized by law. These activities include monitoring health care systems and participation in government programs.
Lawsuits and disputes
If you are involved in a lawsuit or other dispute, we may disclose your PHI in response to documents such as a court order or when certain other requirements are met.
We may disclose your PHI if asked to do so by a law enforcement official for reasons including (but not limited to) identifying or locating a suspect, a witness or a missing person, or investigating criminal activity.
Coroners, medical examiners and funeral directors
We may disclose certain PHI to a coroner or medical examiner. We may also disclose certain PHI about deceased patients to funeral directors so that they may carry out their duties.
If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may disclose your PHI to the respective correctional institution or law enforcement official in accord with applicable laws, rules, regulations and our policies.
Some of the services we provide are performed through contractual relationships with outside parties or business associates. These services may include (but are not limited to) financial, auditing and legal. We ask our business associates to sign an agreement that restricts the ability of the business associate to use or disclosure your PHI in an effort to make sure that all PHI is appropriately safeguarded.
We may use or disclose your PHI for certain research purposes when such research is approved by an institutional research review board, as appropriate.
Receiving payment for PHI
Unless allowed by law, we may not receive payment directly or indirectly for your PHI without your authorization.
You have rights regarding your PHI
Your right to inspect and copy
You have the right to inspect and receive a copy (paper or electronic) of your PHI that may be used to make decisions about your care. To do so, you must complete the appropriate Authorization form and present it to Health Information Management Department. We have provided the address for the Health Information Management Department on the last page of this Notice. You will be charged a reasonable cost-based fee. You may also direct us in writing to transmit your PHI to another entity or individual.
We may deny your request to inspect and receive a copy of your PHI in very limited circumstances. If you are so denied, in some cases, you may request that such denial be reviewed. We will comply with the outcome of such review.
Your right to amend
We are required to retain your PHI regarding the care and treatment that we provided to you in accordance with applicable law. You have the right to have us amend PHI or a record about you in a designated record set for so long as your PHI is maintained in the designated record set. However, we may deny such a request if we determine that the PHI or record that is the subject of the request: (i) was not created by us, unless you provide us with a reasonable basis to believe that the originator of PHI is no longer available to act on the requested amendment; (ii) is not part of the designated record set; (iii) would not be available for inspection under 45 CFR 164.524; or (iv) is accurate and complete. Generally, we must respond in writing to your request within sixty (60) days. However, we may extend the time for such action by no more than thirty (30) days as provided under HIPAA. If we do not agree to your request, you have the right to submit a statement of disagreement that we must add to your medical record. Contact our privacy officer at 570-271-7360 to request an amendment.
Your right to an accounting of disclosures
You have the right to an accounting of disclosures. This is a list (accounting) of the times we've disclosed your health information for six years prior to the date you ask, who we've shared it with and why. In compliance with the law, we will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you have asked us to make). We will provide you with an accounting of disclosures if you request it and in accord with the law. Contact our privacy officer at 570-271-7360 to make such a request.
Your right to notification
We are required by law to maintain the privacy and security of your PHI. We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information. This will be done by mail or by other means if necessary.
Your right to request restrictions
You have the right to request restrictions on the PHI we use or disclose about you for treatment, payment and health care operations. We are not required to agree to your request, and generally, we will not accept requests for such restrictions.
As required by law, if you have paid out of pocket for a health care service or item, you have the right to ask us to not tell your insurance company about such service or item for purposes other than treatment. We will not share the PHI regarding such care with your insurer for purposes of payment or health care operations.
Your right to request confidential communications
You have the right to make a reasonable request that we communicate with you regarding your PHI in a certain way or at a certain location (for example, home or office phone). Such reasonable requests may include, when appropriate, how information as to payment for services we provide to you will be handled. We may require you to make this request in writing to the manager of your care site.
Your right to a paper copy of this Notice
Generally, you have a right to obtain a paper copy of this Notice. You may ask us to give you a copy of this Notice at any time, even if you have agreed to receive this Notice electronically. You may also obtain a paper copy of this Notice at the registration desk at your next appointment.
When you complete an authorization form that complies with the law, we will disclose your PHI as you have directed. For example, if you choose to participate in a health information exchange and sign an authorization, we will take steps to allow the disclosure of your PHI to the health information exchange.
We are not able to take back any uses or disclosures that we already made with your authorization.
If you provide us with a written authorization to disclose your PHI, you may revoke (cancel) it at any time. Your revocation (cancellation) must be in writing. Contact our Health Information Management Department at 570-214-6706 for more information.
Without your authorization, we will not disclose your PHI for marketing purposes as set forth under the HIPAA rules. If we have psychotherapy notes (as defined by the HIPAA Rules), we will not disclose them unless you sign an authorization.
Changes to this Notice
We may change this Notice at any time. We may make the revised or changed Notice effective for PHI we already have as well as any PHI we receive in the future. We will post a current copy of this Notice in our hospitals and clinics. On the first page of the Notice, in the top right corner, you will find the effective date of that Notice.
If we make a material change to uses and disclosures, your rights, our legal duties or other privacy practices stated in this Notice, we will promptly revise and distribute our changed Notice. Except when required by law, a material change to any term of this Notice may not be implemented prior to the effective date of the revised Notice.
If you believe your privacy rights have been violated, you may file a complaint with our privacy officer and/or the secretary of the U.S. Department of Health and Human Services. We have provided both addresses on the last page of this Notice. To file a complaint with our privacy officer, please call 570-271-7360.
The covered entities of Geisinger value your right to privacy. You will not be retaliated against for filing a complaint.
Other uses of your PHI
Other uses and disclosures of your PHI not covered by the categories included in this Notice or applicable laws, rules or regulations will be made only with your written permission or authorization.
We are required to abide by the terms of this Notice.
The address for our privacy officer is:
System Privacy Office
100 N. Academy Ave.
Danville, PA 17822
The address for the Health Information Management Department is:
Health Information Management Department
Medical Reports MC 13-11
100 N. Academy Ave.
Danville, PA 17822
The address for the United States Department of Health and Human Services is:
U.S. Department of Health and Human Services
200 Independence Ave. SW
Washington, DC 20201
Throughout this Notice of Privacy Practices (“Notice”), the acronym “GH” or the terms “Geisinger” or “Geisinger Health” shall refer to the separate legal entities of Geisinger Health Foundation. Geisinger Health is comprised of Geisinger Health Foundation as parent and its subsidiaries, affiliates and members. Although Geisinger Health Foundation does not provide medical care or employ physicians, it is the corporate parent of the covered entities listed below, each of which is an individual corporate entity legally separate and distinct from Geisinger Health Foundation.
This Notice applies to all GH HIPAA covered entities except Marworth, Geisinger Health Plan, Geisinger Indemnity Insurance Company (doing business as Geisinger Health Options) and Geisinger Quality Options, Inc. (doing business as Geisinger Choice). To request the Notice for Marworth, Geisinger Health Plan, Geisinger Indemnity Insurance Company and Geisinger Quality Options, Inc., contact our Privacy Office at 570-271-7360.
Unless a different Notice is provided and except as indicated above, this Notice will apply to all covered entities that we may acquire or affiliate with or that become our members in the future.
As covered entities, the below-listed separate GH corporate legal entities are participating in an Organized Health Care Arrangement (“OHCA”). These separate corporate legal entities may share PHI as necessary to carry out treatment, payment and healthcare operations relating to the OHCA and for other purposes as permitted or required by law.
- Geisinger Clinic (all sites)
- Geisinger Medical Center (including its GeisingerShamokin Area Community Hospital Campus)
- Geisinger Wyoming Valley Medical Center
- Geisinger Community Health Services
- Geisinger Bloomsburg Hospital
- Geisinger Lewistown Hospital
- Geisinger Community Medical Center
- Family Health Associates of Geisinger-Lewistown Hospital
- Lewistown Ambulatory Care Corporation
- Holy Spirit Hospital of the Sisters of Christian Charity
- West Shore Advanced Life Support Services, Inc.
- Spirit Physician Services, Inc.
- SUN Home Health Services, Inc.
- AtlantiCare Health System Inc.
- AtlantiCare Physician Group, PA (Captive PC)(all sites)
- AtlantiCare Urgent Care Physicians LLC (all sites)
- AtlantiCare Regional Health Services Inc.
- AtlantiCare Behavioral Health, Inc. (all sites)
- AtlantiCare Regional Medical Center Inc. (all sites)
- Cooperative Home Health Care of Atlantic County Inc.
- Acuity Hospital of New Jersey LLC
- AMI AtlantiCare LLC (all sites)
- AtlantiCare Surgery Center LLC (all sites)
- AtlantiCare Health Solutions Inc. (all sites)
- AtlantiCare Health Engagement Inc. (all sites)
- English Creek Assurance
- AtlantiCare Foundation
- Geisinger Indemnity Insurance Company
- Geisinger Quality Options Inc.
- Geisinger Health Plan