Skip to main content

We’ve updated our Terms & Conditions and Privacy Policy. By using this site, you agree to these terms.

Geisinger Notice of Privacy Practices*

Geisinger* Notice of Privacy Practices ("Notice")
Effective date: Feb. 1, 2026

As described in this Notice of Privacy Practices, patient medical records are protected by federal and state laws and regulations, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Certain substance use disorder treatment records are also protected by federal regulations under 42 CFR Part 2 (Part 2). 

This Notice describes how medical information about you may be used and disclosed and how you can access it. Please read it carefully.

If you have any questions about this Notice, ask a staff member where you receive your care or contact our Privacy Office at:

System Privacy Office
MC 40-38
100 N. Academy Ave.
Danville, PA 17822
570-271-7360
systemprivacyoffice@geisinger.edu

This Notice applies to all Geisinger HIPAA-covered entities except Geisinger Health Plan, Geisinger Indemnity Insurance Company (doing business as Geisinger Health Options) and Geisinger Quality Options Inc. (doing business as Geisinger Choice). For the latest Notice or to access the Notice for Geisinger Health Plan, Geisinger Indemnity Insurance Company, and Geisinger Quality Options Inc., please contact our Privacy Office or visit:  https://www.geisinger.org/about-geisinger/corporate/corporate-policies/hipaa.

Uses and Disclosures of Protected Health Information

Under HIPAA, the information Geisinger collects about you as a patient is generally considered protected health information (PHI). Geisinger may only use and disclose your PHI pursuant to an authorization or as otherwise permitted or required by law. We typically use or share your PHI in the following ways:

Treatment

We may use and disclose your PHI for treatment purposes. This includes sharing your PHI with doctors, hospitals, pharmacies, and others involved in your care. For example, we may share your PHI with a physician you’ve been referred to, the doctor who referred you to us, or a home health agency providing your care. Additionally, throughout your care at Geisinger, your PHI may be shared among physicians, nurses, lab technicians, care managers, social workers, pharmacists, physical therapists, spiritual care workers, nutrition staff, and other professionals involved in your treatment. 

Payment

We may use and disclose your PHI to bill for healthcare services and receive payment for the care provided to you. For example, we may disclose your PHI to a health plan or insurance company to obtain payment for the care provided to you or to get approval for treatment or admission. We also may disclose your PHI to a third party to facilitate collecting an outstanding balance.

Healthcare operations

We will use and disclose your PHI as necessary for healthcare operations purposes. For example, we may use and disclose your PHI to evaluate and improve the quality of care we provide, to evaluate the performance of health care professionals who cared for you, and to communicate with you. We may also use your PHI for training and educational purposes. 

Business associates

Some of the services we provide are performed through contractual relationships with outside parties or business associates. These services may include (but are not limited to) financial, auditing, and legal. We take efforts to only provide business associates with the minimum necessary amount of PHI to carry out their contractual duties. All business associate contracts restrict the ability of the business associate to further use or disclose your PHI so that it is appropriately safeguarded.

How else can we use or share your PHI?

We are allowed or required to share your information in other ways — usually in ways that contribute to the public good, such as public health and research. We are required to meet many conditions in the law before we can share your information for these purposes. Some examples are provided below.

For more information, U.S. Health and Human Services maintains a website for patients regarding HIPAA at: hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html.

Individuals involved in your care

We may disclose limited PHI to those people we reasonably believe are involved in your care and/or payment for care, such as family members and friends.  However, 45CFR Part 2 data requires consent. 

To avert a serious threat to health or safety

We may use or disclose your PHI for reasons that include preventing a serious threat to your health and safety or the health and safety of others.

Cadaveric organ, eye and tissue donation

We may disclose the PHI of organ donors to organizations that assist with such donations.

Specialized government functions

We may use or disclose your PHI for specialized government functions such as military, national security and presidential protective services.

Workers’ compensation

We may disclose your PHI to handle your workers’ compensation claims in compliance with applicable laws, rules and regulations.

Public health activities

We may disclose your PHI for public health activities. These activities may be disclosures:

  • To public health authorities authorized by law to collect or receive information for the purpose of preventing disease, injury, or disability
  • To FDA-regulated entities for purposes of monitoring or reporting the quality, safety, or effectiveness of FDA-regulated products, or to help with product recalls
  • To authorities authorized to receive reports of suspected abuse, neglect or domestic violence
  • To notify a person who may have been exposed to a disease or may be at risk of contracting or spreading a disease or condition

Health oversight activities

We may disclose your PHI to government agencies for activities authorized by law. These activities include monitoring healthcare systems and participation in government programs.

Lawsuits and disputes

We may disclose PHI about you in response to a court or administrative order, or in response to a subpoena.

Law enforcement

We may disclose your PHI if asked to do so by a law enforcement official for reasons including (but not limited to) identifying or locating a suspect, a witness or a missing person, or investigating criminal activity. We will respond to only the requests that are required by law.

Coroners, medical examiners and funeral directors

We may disclose PHI to a coroner, medical examiner or funeral director when an individual dies.

Individuals in custody

If you are an inmate of a correctional institution or in custody of a law enforcement official, we may disclose your PHI to the appropriate correctional facility or law enforcement officials, in accordance with applicable laws, regulations and our policies.

Research

We may use or disclose your PHI for health research.

As otherwise permitted or required by law or legal process

We will disclose your PHI when we are required to do so by local, state or federal law or process of law including with the Department of Health and Human Services if the agency wants to monitor Geisinger’s compliance with federal privacy law.

NIH grants

For some National Institute of Health research grants, we may be required to disclose your PHI. In most cases, however, the information we disclose will be de-identified. 

Substance Use Disorder Treatment Information

If we receive or maintain any information about you from a substance use disorder treatment program that is covered by 42 CFR Part 2 (a “Part 2 Program”) through a general consent you provide to the Part 2 Program to use and disclose the Part 2 Program record for purposes of treatment, payment or health care operations, we may use and disclose your Part 2 Program record for treatment, payment and health care operations purposes as described in this Notice. If we receive or maintain your Part 2 Program record through specific consent you provide to us or another third party, we will use and disclose your Part 2 Program record only as expressly permitted by you in your consent as provided to us.

In no event will we use or disclose your Part 2 Program record, or testimony that describes the information contained in your Part 2 Program record, in any civil, criminal, administrative, or legislative proceedings by any Federal, State, or local authority, against you, unless authorized by your consent or the order of a court after it provides you notice of the court order. 

Additional rights under Pennsylvania Law

Pennsylvania law may further limit how we use or share your PHI including HIV-related records, records of alcohol or substance use disorder, inpatient mental health records and involuntary outpatient mental health treatment records. If Pennsylvania law applies to your PHI, we will use and disclose your PHI in compliance with these more restrictive laws.

Additional rights under New Jersey Law

New Jersey law may further limit our uses and disclosures in the case of your PHI.  This includes AIDS/HIV-related information, venereal disease information, genetic information, tuberculosis information, mental health information, certain drug and alcohol treatment information and certain information related to the emancipated treatment of a minor (e.g., when the minor seeks emancipated treatment for pregnancy or treatment related to the minor’s child or a sexually transmitted disease).  If New Jersey law applies to your PHI, we will use and disclose your PHI in compliance with these more restrictive laws and will obtain your specific authorization before using or disclosing these types of information where we are required to do so.  

Patient reunions

We may hold reunions for various patient groups to celebrate their success in treatment. If you are or were part of such a patient group, we may use your PHI to invite you.

Receiving payment for PHI 

Unless allowed by law, Geisinger will not sell your PHI and may not receive payment directly or indirectly for your PHI without your authorization.

Shared Electronic Health Record

Geisinger provides a shared electronic health record (EHR). Entities that participate in our shared EHR, now and in the future, will be able to use and disclose your PHI as described in their Notice of Privacy Practices if they have a treatment relationship with you. A list of entities participating in our EHR is provided below.

Universal Authorization

We believe that having a complete picture of your health status is important to providing quality medical care. This can be especially important in the case of an emergency room visit and when coordinating your care among covered entities (as defined by HIPAA).

The covered entities participating in the shared EHR (as described above) will only disclose PHI related to substance abuse disorder, your inpatient/involuntary mental health treatment records, or HIV/AIDs related treatment and testing records to covered entities outside the shared EHR as required or permitted by law or with your consent.

If you wish to share this PHI to facilitate treatment, payment and healthcare operations (each as defined by HIPAA), we ask that you review and sign a Universal Authorization (UA). The UA has recently been updated and is available at our offices or online at www.geisinger.org/about-geisinger/corporate/corporate-policies/hipaa.

If you have previously signed a UA, you do not need to take any further action to share this information as acknowledgment of this Notice of Privacy Practices serves as your consent to continue to share this information. If you do not sign the acknowledgment, we will turn off the sharing of this sensitive data until you either sign a new UA or the acknowledgment of the updated UA.

You can revoke a UA at any time by contacting our Privacy Office.

Your Rights

Your right to inspect and copy

You have the right to inspect and receive a copy (paper or electronic) of your PHI that may be used to make decisions about your care. You may also direct us in writing to transmit your PHI to another entity or individual.

To do so, you must complete a Patient Access Request Form. You can obtain the form and instructions online at: geisinger.org/about-geisinger/corporate/corporate-policies/hipaa

You may also obtain a copy of the form by contacting our Health Information Management Department directly using the contact information on the last page of this Notice. If you need assistance completing the form, please contact the Privacy Office. The contact information for the Privacy Office is located on the last page of this Notice.

Note that you will be charged a reasonable cost-based fee. Note also that we may deny your request to inspect and receive a copy of your PHI in very limited circumstances. If you are so denied, in some cases, you may request that the denial be reviewed. We will comply with the outcome of the review.

Authorizations

Certain disclosures require authorization. 

If you provide us with a written authorization to disclose your PHI, you may revoke (cancel) it at any time. Your revocation (cancellation) must be in writing. 

You may also wish to grant another individual or entity the right to access, discuss or obtain copies of your PHI. To do so, you must complete an authorization form that complies with the law. Geisinger provides several HIPAA compliant authorizations online at geisinger.org/about-geisinger/corporate/corporate-policies/hipaa.

Your right to request an amendment

We are required to retain your PHI regarding the care and treatment that we provided to you in accordance with applicable law. You have the right to request an amendment of PHI or ask us to correct a record about you in a designated record set for as long as your PHI is maintained in the designated record set. However, we may deny your request in the following circumstances:

The record was not created by Geisinger, unless you provide us with a reasonable basis to believe that the originator of PHI is no longer available to act on the requested amendment;

  • The record is not part of the designated record set;
  • The record would not be available for inspection under 45 CFR 164.524;
  • The record is accurate and complete.

Generally, we must respond in writing to your request within sixty (60) days. However, we may extend the time for such action by no more than thirty (30) days as provided under HIPAA. If we deny your request, we will tell you why in writing. You also have the right to submit a statement of disagreement that we must add to your medical record. 

Your right to an accounting of disclosures

You have the right to an accounting of disclosures. This is a list (accounting) of the times we’ve disclosed your PHI for six years prior to the date you ask, who we’ve shared it with and why. In compliance with the law, we will include all the disclosures except for those about treatment, payment and healthcare operations, and certain other disclosures (such as any you have asked us to make). We will provide you with an accounting of disclosures if you request it and in accordance with the law. Contact our Privacy Office to make such a request.

Your right to notification

We are required by law to maintain the privacy and security of your PHI. We will let you know as soon as possible, within the applicable time limits if a breach occurs. This will be done by mail or by other means if necessary.

Your right to request restrictions

You have the right to request restrictions on the PHI we use or disclose about you for treatment, payment, and health care operations. We are not required to agree to your request, and generally, we will not accept requests for such restrictions.

By law, if you have personally paid for a healthcare service or item, you may request that we do not share information about that service or item with your insurance company for reasons other than treatment. We will refrain from providing your insurer with PHI related to such care for payment or healthcare operations purposes. 

Your right to request confidential communications

You have the right to ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address. We may require you to make this request in writing to the manager of your care site. We generally will say “yes” to all reasonable requests.

Your right to a paper copy of this Notice

Generally, you have a right to obtain a paper copy of this Notice. You may ask us to give you a copy of this Notice at any time, even if you have agreed to receive this Notice electronically. You may also obtain a paper copy of this Notice at our hospitals and clinics.

Changes to this Notice

We may change this Notice at any time, and the changes will apply to all information we have about you.  Our website will have the most current version of this Notice at: https://www.geisinger.org/about-geisinger/corporate/corporate-policies/hipaa/notice-of-privacy-practices-ghs 

Complaints

If you believe your privacy rights have been violated, you may file a complaint with our privacy officer and/or the secretary of the U.S. Department of Health and Human Services. We have provided both addresses and contact information on the last page of this Notice. 

The covered entities of Geisinger value your right to privacy. You will not be retaliated against for filing a complaint.

Other uses of your PHI

Other uses and disclosures of your PHI not covered by the categories included in this Notice or applicable laws, rules or regulations will be made only with your written permission or authorization.

We are required to abide by the terms of this Notice.

Your Choices

Phone calls, texting and email

When you provide Geisinger with your telephone number, including your mobile number, or email you are consenting to give Geisinger permission to contact you via a phone call, text or email for certain important messages related to your healthcare. These communications can include, but are not limited to, appointment reminders, change in office hours or office closings, billing and payment issues, and other healthcare related messages. Some of these messages may be generated by an automated dialing system or include a prerecorded voice. Please be aware that text and messaging rates may apply.

When we contact you, we will provide you with the opportunity to opt out of similar communications in the future (such as by replying “STOP” to a text message). You may manage your communication preferences via your MyGeisinger/MyChart account. You may also opt out of these communications at your provider’s office, or by contacting our Privacy Office.

At any time, you may instruct Geisinger to stop all future texts by contacting our Privacy Office.

Appointment reminders

We may contact you via mail, telephone, text or e-mail to remind you of an upcoming appointment. We may leave you a message that includes the date, time and general information about an upcoming appointment.

If you do not wish to receive appointment reminders, please notify your healthcare professional.

Communicating with Geisinger using unsecure electronic communications

We recommend that you use secure electronic communications, such as our patient portal MyGeisinger/MyChart, when you contact us. Using unsecure electronic communications, such as regular email or text messaging, may result in certain risks such as interception by others or storage of your information on devices that are unsecured. If you choose to communicate with us via unsecure electronic communication, you are agreeing to accept these risks. Note that we may respond to you in the same manner to the email address or phone number from which you sent your message.

Email and texting are not a substitute for professional medical advice, diagnosis or treatment and should not be used in a medical emergency.

Marketing

We will not share your PHI for marketing purposes or accept any payment for marketing communications without an authorization. However, we may use or share your PHI for communications that are not considered marketing. For example, we may:

  • Contact you to give you information about products or services related to your treatment
  • Contact you to encourage you to maintain a healthy lifestyle and get recommended tests, participate in a disease management program, and tell you about government- sponsored health programs
  • Have face-to-face communications with you regarding products and services that are appropriate for your care
  • Provide you with promotional gifts of nominal value
  • Remind you to take and refill your medications, or otherwise communicate with you about a drug or biologic that is currently prescribed to you. Any payment we receive, direct or indirect, may only cover the reasonable cost to us of making the communication
  • Provide you with information about treatment alternatives or other health-related benefits and services that may be of interest to you

Hospital directory

Unless you tell us not to, we will include certain information about you in the hospital directory if you are admitted to one of our hospitals. This information may include your name, your location in the hospital, your general condition, your religious affiliation and whether you wish to have our spiritual care chaplains visit you.

This information may also be disclosed to people who ask for you by name, such as your relatives, friends, and the media. Your religious affiliation may be given to community clergy even if they don’t ask for you by name.

You may opt out of participating in the Hospital Directory at the time of admission or anytime during your admission.

Spiritual care staff

Our doctors and other healthcare providers work with our spiritual care chaplains as part of the treatment team at our hospitals unless you tell us that you do not want our spiritual care chaplains to be involved. Spiritual care chaplains may call on you during your hospital stay.

You may opt out at the time of your admission or anytime during your admission.

Fundraising

We may use or disclose certain information for the purposes of fundraising for Geisinger Foundation entities. The money raised will be used to expand and improve the services and programs we provide to the community. You are free to opt out of fundraising efforts at any time and your decision will have no impact on your treatment or payment for services. If you do not wish to participate in future fundraising activities, call 1-800-739-6882.

Health Information Exchanges

Geisinger participates or is required to participate in certain information sharing networks for treatment, payment or healthcare operations purposes. Exchange of health information can provide better coordination of care, faster access, and assist you and your providers in making more informed decisions regarding your care.

When we participate in any such exchange, your PHI will only be shared as permitted or required under HIPAA and other applicable federal and state privacy laws. Below is some additional information related to some of these exchanges.

Keystone Health Information Exchange (“KeyHIE” Exchange)

Keystone Health Information Exchange Inc. (“KeyHIE”) is a business associate of Geisinger and other participating covered entities. KeyHIE maintains and operates the Keystone Health Information Exchange (“KeyHIE Exchange”), which is a certified health information organization participating in the Pennsylvania Patient & Provider Network (“P3N”).

The KeyHIE Exchange enables the secure exchange of PHI to improve healthcare delivery and healthcare outcomes. P3N was established by Pennsylvania law (Act 121) and is part of a federal initiative to electronically share PHI. The Pennsylvania eHealth Partnership Authority (the “Authority”) has been charged with building the Pennsylvania network.

Geisinger participates in the KeyHIE Exchange. At any time, you may instruct Geisinger to stop sharing your PHI through the KeyHIE Exchange by contacting the Privacy Office. Our phone number and address are provided on the last page of this Notice. The Authority also maintains a separate P3N Opt-Out Registry. The opt-out form is online at paehealth.org.

We may use or disclose your PHI in connection with an HIE that we may participate in, for treatment, payment and health care operations purposes, such as to ascertain whether you have health insurance and what it may cover, and to evaluate and improve the quality of medical care provided to all our patients. Other healthcare providers and health plans may also have access to your information in the HIE for similar treatment, payment and healthcare operations purposes to the extent permitted by law. You have the right to “opt out” or decline to participate in the HIEs. If you have not opted out of the HIE, your PHI will be available through the HIE to participating health care providers and health plans in accordance with this Notice and the law.

CONTACT INFORMATION

The contact information for our Privacy Office is:
System Privacy Office 
MC 40-38
100 N. Academy Ave.
Danville, PA 17822
570-271-7360
systemprivacyoffice@geisinger.edu

The address for the Health Information Management Department is:
Geisinger Health Information Management Department Medical Reports
MC 13-11
100 N. Academy Ave.
Danville, PA 17822
570-214-6706

The address for the United States Department of Health and Human Services is:
U.S. Department of Health and Human Services
200 Independence Ave. SW
Washington, DC 20201
877-696-6775
Website: hhs.gov/ocr/privacy/hipaa/complaints

 

Important notice to patients who are not Residents of the United States

CONSENT TO PROCESSING YOUR INFORMATION IN THE UNITED STATES

The covered entities of Geisinger Health only provide healthcare and related services in the United States. We are subject to the United States laws and regulations that govern the privacy and security of patient healthcare information, as well as consumer protection laws and regulations of the United States and its individual states, as applicable. If you are a citizen or resident of a different country, the data protection laws of your country may differ as to how your personal information is protected. We want you to understand that when you provide your personal information to us or direct your healthcare provider to provide your information to us, your personal information will be transmitted to and processed in the United States. In doing that, you will be giving the covered entities of Geisinger Health your consent to process your information in the United States, in accordance with United States law, for our legitimate purpose in fulfilling your request or addressing your healthcare needs.

If you would like information about how Geisinger processes your personal information, please address your request to our Privacy Office at 570-271-7360 or at systemprivacyoffice@geisinger.edu. We will respond to your request in accordance with applicable U.S. laws.

*Footnote

Throughout this Notice of Privacy Practices (“Notice”), the terms “Geisinger” shall refer to the separate legal covered entities of Geisinger Health. Geisinger is comprised of Geisinger Health as parent and its subsidiaries, affiliates and members. Although Geisinger Health does not provide medical care or employ physicians, it is the corporate parent of the covered entities listed below, each of which is an individual corporate entity legally separate and distinct from Geisinger Health.

Unless a different Notice is provided and except as indicated above, this Notice will apply to all covered entities that Geisinger Health may acquire or affiliate with or that become our members in the future.

ORGANIZED HEALTH CARE ARRANGEMENT DESIGNATION

As covered entities, the below-listed separate Geisinger Health corporate legal entities are participating in an Organized Health Care Arrangement (“OHCA”). These separate corporate legal entities may share PHI as necessary to carry out treatment, payment and healthcare operations relating to the OHCA and for other purposes as permitted or required by law.

  • Geisinger Affiliated Covered Entities
  • Geisinger Indemnity Insurance Company
  • Geisinger Quality Options Inc.
  • Geisinger Health Plan

AFFILIATED COVERED ENTITY DESIGNATION

The following Geisinger covered entities are under common control and designate themselves as a single covered entity known as the “Geisinger Affiliated Covered Entities” for purposes of the HIPAA privacy rule. The Geisinger Affiliated Covered Entities are:

  • Geisinger Clinic (all sites)
  • Geisinger Medical Center (including its Geisinger Shamokin Area Community Hospital Campus)
  • Geisinger Wyoming Valley Medical Center (including Geisinger South 
  • Wilkes-Barre Campus)
  • Geisinger Community Health Services
  • Geisinger Bloomsburg Hospital
  • Geisinger Health Plan (added January 23, 2020)
  • Geisinger Jersey Shore Hospital
  • Geisinger Lewistown Hospital
  • GNJ Physicians Group, P.C.
  • Geisinger Pharmacy LLC
  • Community Medical Center d/b/a Geisinger Community Medical Center
  • Family Health Associates of Geisinger-Lewistown Hospital
  • West Shore Advanced Life Support Services Inc.
  • Geisinger Medical Center Muncy (December 2021)
  • Geisinger Marworth (February 2026)

ENTITIES PARTICIPATING IN THE GEISINGER SHARED ELECTRONIC HEALTH RECORD (EHR)

  • All Geisinger Affiliated Covered Entities
  • Caring Community Health Center, a Pennsylvania nonprofit corporation
  • Susquehanna Valley Medical Specialties, PC
  • Evangelical Community Hospital
  • Geisinger Behavioral Health Center Northeast
  • Geisinger Behavioral Health Center Danville
  • Last Revision Date: November 1, 2024
 
Content from General Links with modal content