THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Our Legal Responsibility
As your health care provider, we are legally required to protect the privacy of your health information, and to provide you with this Notice about our legal duties and privacy practices. This requirement applies to all patients served by University of Iowa Health Care and University of Iowa Student Health Services.
University of Iowa Health Care describes the partnership between University of Iowa Hospitals and Clinics and the Roy J. and Lucille A. Carver College of Medicine. Student Health Services provides health services to University of Iowa students. This Notice applies to health information held by both entities.
University of Iowa Heath Care and Student Health Services are legally required to follow the privacy practices described in this Notice. We will let you know promptly if an error occurs that may have compromised the privacy and security of your health information. If you have any questions or want more information about this Notice, please contact our Privacy Officer at the contact information listed at the end of this Notice.
Your Protected Health Information (PHI)
Throughout this Notice we will refer to your protected health information as PHI. Your PHI includes data that identifies you and reports about the care and services you receive at the hospital, in the clinics, or at Student Health Services.
This Notice applies to all of the records, both electronic and paper, about your care. It includes all information created by staff of University of Iowa Health Care or Student Health Services. This staff includes physicians, other health care professionals, students, and other departmental staff.
This Notice about our privacy practices explains how, when, and why we use and shareyour PHI. We may not use or disclose any more of your PHI than is necessary for the purpose of the use or disclosure, with some exceptions.
Changes to This Notice
We reserve the right to change the terms of this Notice and our privacy policies. Any changes will apply to your past, current, or future PHI. When we make an important change to our policies, we will change this Notice and post a new Notice on our website (uihealthcare.org). We will have available a copy of the revised Privacy Notice in the place where we provide medical services. The Notice will contain the effective date on the last page. You may also request a copy of our current Privacy Notice at any time from the University of Iowa Hospitals and Clinics Registration Desks.
Uses of Protected Health Information
University of Iowa Heath Care and Student Health Services collect health information about you and store it in a chart and on a computer. This is your medical record. The medical record is the property of University of Iowa Hospitals and Clinics or Student Health Services, but the information in the medical record belongs to you.
We are allowed by law to use and share health information with others without your consent or as the UI Hospitals and Clinics general consent form permits for many reasons. The following examples describe the categories of our uses and disclosures. Please note that not every use or disclosure in each category is listed.
- We may use and disclose medical information about you to physicians, nurses, technicians, physicians in training, or other health care professionals who are involved in your care. For example, if you are being treated for a knee injury, we may disclose your PHI to the Department of Rehabilitation Therapies. Different health care professionals, such as pharmacists, lab technicians, and x-ray technicians, also may share information about you in order to coordinate your care. In addition, we may send information to the physician who referred you to University of Iowa Health Care, or other health care providers not affiliated with UI Hospitals and Clinics who are involved in your care. At all times, we will comply with any regulations that apply.
- We may use and disclose your PHI in order to bill and collect payment for the treatment and services we provided to you. For example, we may provide PHI to an insurance company or other third party payor in order to obtain approval for treatment or admission to the hospital. We may also share your health information with another doctor or hospital that has treated you so that they can bill you, your insurance company, or a third party.
- Health care operations
- We may use and disclose your PHI as part of our routine operations. For example, we may use your PHI to evaluate the quality of health care services you received or to evaluate the performance of health care professionals who cared for you. We may also disclose information to physicians, nurses, technicians, medical, nursing and other health professional students, and other hospital personnel as part of our educational mission.
- Business Associates
- We may share your health information with others called “business associates,” who perform services on our behalf. The Business Associate must agree in writing to protect the confidentiality of the information. For example, we may share your health information with a billing company that bills for the services we provide.
- Appointment reminders and health-related benefits or services
- We may use your PHI to provide appointment reminders or give you information about treatment alternatives or other health care services.
- Public health activities
- We report information about births, deaths, and various diseases to government officials in charge of collecting that information. We provide coroners, medical examiners, and funeral directors information about an individual’s death.
- Responding to law enforcement and legal process
- We may disclose PHI to government agencies and law enforcement personnel when the law requires it. For example, we report about victims of abuse, neglect, or domestic violence, and gunshot victims, and when ordered to do so in judicial or administrative proceedings.
- Health oversight activities
- We may disclose PHI to a health oversight agency for audits, investigations, inspections, and licensure, as authorized by law. For example, we may disclose PHI to the Food and Drug Administration, state Medicaid fraud control, or the U.S. Department of Health and Human Service Office for Civil Rights.
- Research studies
- We may disclose your PHI to help conduct research. Research may involve finding a cure for an illness or helping to determine how effective a treatment is. In research studies, a Privacy Board or Institutional Review Board determines that measures are in place to protect your identity from disclosure to organizations outside of University of Iowa Health Care. You may be asked to participate in a research study, and if you agree, you will need to give special authorization to disclose your PHI outside of University of Iowa Health Care.
- Organ or tissue donation
- We may use your PHI to notify organ donation organizations, and to assist them in organ, eye, or tissue donation and transplants.
- Workers’ compensation purposes
- We may disclose PHI at your employer’s request regarding a work-related injury.
- National security and intelligence activities
- We may release PHI to authorized federal officials when required by law. This information may be used to protect the President, other authorized persons or foreign heads of state, to conduct special investigations, for intelligence and other national security activities authorized by law.
Uses and Disclosures for which You Have the Opportunity to Object
- Hospital Directory
- We will use your name, the location at which you are receiving care, your general condition, and your religious affiliation for directory purposes. All of this information, except religious affiliation, will be disclosed to people who ask for you by name. If you object to this use, we will not include this information in the directory and will not share it. To object, please notify a member of your nursing staff.
- Healthcare Affiliates/Alliances
- We participate in a variety of electronic health information data sharing agreements with other health care providers, public health organizations, and payors. These data sharing arrangements are to facilitate treatment, improve health care operations, and allow for an analysis of care provided in all settings. These data sharing arrangements are designed to assure appropriate protections are in place and prevent the inappropriate release of your protected health information. If you do not wish to participate in these data sharing arrangements, please notify our Privacy Officer at the contact information listed at the end of this Notice.
- We may use your PHI in efforts to raise money for University of Iowa Health Care. We may provide your PHI to the University of Iowa Foundation for this purpose. We would release contact information only, such as your name, address, phone number, and the dates that health care was provided to you. If you do not want University of Iowa Health Care to contact you for fundraising efforts, please notify our Privacy Officer at the contact information listed at the end of this Notice.
- Disclosures to family, friends, or others
- We may provide your PHI to a family member, friend, or other person you tell us is involved in your care or involved in the payment of your health care, unless you object in whole or in part. If you are unable to agree or object to such a disclosure, we may disclose such information as necessary if we determine that it is in your best interest. This could include sharing information with your family or friend so they can pick up a prescription or a medical supply. We may also share medical information about you with an organization assisting in a disaster relief effort.
- Except as described above, all other uses and disclosures of your PHI will require your authorization. Examples of cases where we never share your PHI unless you give us written permission include marketing purposes, sale of your PHI, or psychotherapy notes.
Your Rights Regarding PHI
You have the right to:
- Request Restrictions
You can ask us not to use or share certain PHI for treatment, payment of health care operations purposes. We will consider your request, but we are not legally required to accept it. If we accept your request we will document any limits in writing and follow them except in emergency situations. You may not limit the uses and disclosures that we are legally required or allowed to make. To request a restriction, notify the Privacy Officer listed at the end of this Notice.
But, if you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for purposes of payment or other operations with your health insurer. We will say “yes” to this request unless a law requires us to share that information.
To request a restriction, notify the Privacy Officer listed at the end of the Notice.
- Request Confidential Communications
- You can ask that we send PHI to you at a different address or contact you about your health information in a certain way. For example, you may wish to have appointment reminders and test results sent to a PO Box or a different address than your home address. We will say “yes” to reasonable requests. To make a request, contact Patient Financial Services listed at the end of this Notice, or any member of your health care team. You do not need to provide a reason for your request.
- Inspect and Copy
- You have the right to inspect and obtain a copy of medical information that may be used to make decisions about your care. You have the right to see or receive this copy in electronic format. Usually, this information includes the medical record and billing records. To see or obtain a copy of medical or billing information, please submit your request in writing to either: 1) Release of Information, for medical information; or 2) Patient Financial Services, for billing, both listed at the end of this Notice. We will make every effort to respond to your request within a reasonable period of time. You may be charged a fee to cover the costs associated with your request.
- Accounting of Disclosures
- You have the right to obtain a list of instances in which we have disclosed your PHI. You may request this list for a period of six years prior to the date you ask for the list. We will provide the times we have shared your PHI, who we shared it with, and why. The list will not include uses or disclosures that you have specifically authorized in writing, such as copies of records to your attorney or to your employer. Please submit your request in writing to the Privacy Officer listed at the end of this Notice. We will provide one list a year free, but will charge a reasonable cost-based fee if you ask for another list within twelve months.
- You have the right to ask us to correct your PHI if you think that information is inaccurate or incomplete in your medical record or billing record. You may request a correction for as long as that record is maintained. You may submit a written request for a correction to either: 1) Release of Information, for corrections to your medical record; or 2) Patient Financial Services, for amendment to your billing record. University of Iowa Health Care may say “no” to your request, but we will tell you why in writing within 60 days.
- Paper Copy of this Notice
- You can ask for a paper copy of this Notice at any time, even if you have asked to receive it electronically. You may pick up a copy at any check-in point throughout the hospital and clinics, at the Registration Desk, at Student Health Service, or request that a copy be sent to you.
Revocation of Permission
If you provide us with permission to use or disclose your medical information, you may revoke that permission at any time. Please make your request in writing to Release of Information at the contact information listed at the end of this Notice.
If you revoke your permission, we will no longer use or disclose medical information about you for the reasons covered by your written revocation. We are unable to take back any disclosures previously made with your permission. Also, we are required to keep all records of the care that we provided to you.
Complaints and Questions
If you believe your privacy rights have been violated, you may file a complaint with University of Iowa Health Care or with the Secretary of the U.S. Department of Health and Human Services.
To file a complaint with University of Iowa Health Care, notify the University of Iowa Health Care Privacy Officer at the contact information listed below. You may also contact the Office of Patient Relations listed below. You will not be penalized for filing a complaint and your care will not be compromised.University of Iowa Hospitals and Clinics
Office of Patient Relations
200 Hawkins Drive, CC102 GH
Iowa City, IA 52242-1009
If you have questions about this Notice, or have any complaints about our privacy practices, please contact:University of Iowa Hospitals and Clinics
200 Hawkins Drive, 1346 JCP
Iowa City, IA 52242-1009
||Privacy Officer listed above|
University of Iowa Hospitals and Clinics
Patient Financial Services
200 Hawkins Drive
Iowa City, IA 52242-1084
University of Iowa Hospitals and Clinics
Release of Information
200 Hawkins Drive, 2040 SRF
Iowa City, IA 52242-1085
If you would like to file a complaint with the Secretary of the U.S. Department of Health and Human Services, please contact:U.S. Department of Health and Human Services
Office for Civil Rights
200 Independence Avenue, S.W.
Washington, D.C. 20201
This notice is in effect February 19, 2015.