This Notice applies to any health care facility or medical group now or in the future controlled by or under common control with Advocate Aurora Health and any of its affiliates or subsidiaries (collectively referred to as "Advocate Aurora Health " and designated as an Affiliated Covered Entity), which includes without limitation the following:
We understand that medical information about you and your health is personal. We are committed to protecting your medical information. Each time you visit a hospital, physician, or other health care provider, they document information about you and your visit. Typically, this record contains, among other information, your name, symptoms, health history, examination and test results, diagnoses, current and future treatment, and billing-related information (“Medical Information”). This Medical Information is used to provide you with quality care and to comply with certain legal requirements.
This Notice will tell you how we may use and disclose Medical Information about you. It also describes your rights and certain obligations we have regarding the use and disclosure of your Medical Information.
We are required by law to:
The following categories describe different ways in which we may use and disclose your Medical Information without your written permission. With respect to use and disclosure of your Medical Information for Treatment, Payment and Health Care Operations, we may share your Medical Information with any of the entities referenced in this Notice, or any physician or other health care provider as allowed by law.
We may use your Medical Information to provide, coordinate or manage your medical treatment and related services. Your Medical Information can be shared with physicians, nurses, technicians and others involved in your care and these individuals will collect and document information about you in your medical record. To assure immediate continuity of care, we may disclose information to a physician or other health care provider who will be assuming your care. For example, different departments may share your Medical Information to coordinate the different services you may need such as prescriptions, lab work, meals and X-rays or other diagnostic tests. To facilitate access to information for the treatment purposes of shared patients, Advocate Aurora Health may participate in the electronic exchange of health information with other entities.
In most cases, we may use and disclose your Medical Information so that the treatments and services you receive may be billed and payment may be collected from you, an insurance company or a third party. For example, we may need to give information about the surgery you received to your health plan so your health plan will pay us or reimburse you for the surgery. We also may tell your health plan about a treatment you are going to receive to obtain prior approval or to determine whether your plan will cover the treatment. In certain situations, we may disclose your Medical Information to a collection agency if a bill is not paid. Additionally, we may also disclose your health information to another health care provider for their payment related activities.
We may use and disclose your Medical Information in connection with our health care operations including, but not limited to the following:
Additionally, we may also disclose your Medical Information to another covered entity that you have seen so they may improve their quality or cost, or for their other health care operations purposes.
In an effort to improve the quality and efficiency of health care in our surrounding communities through the adoption of interoperable electronic medical records, Advocate Aurora Health may allow other health care providers to participate in a joint electronic medical record. As an example, by allowing other health care providers to share an electronic medical record, they can improve the efficiency of a patient's health care with the ability to electronically prescribe medications or order tests. These health care providers are also held to the same high standards for protecting the privacy and security of Medical Information. Health care provider participants are expected to ensure that users of the joint electronic medical record only access, use, and disclose the Medical Information only in accordance with applicable law and policies.
When you are a patient in our hospital, we may list your name, room location, general condition (such as fair or stable), and religious affiliation in the hospital's inpatient directory. This directory information, except for your religious affiliation, may be provided to people who ask for you by name. We may disclose your name, room location, general condition, and religious affiliation to a member of the clergy who asks for you by your name or by your listed religious affiliation. We may also disclose your name and general condition to a member of the media who asks for you by name. If you do not want to be listed in our hospital directory or do not want us to give such information to members of either the clergy, media, or general public, you must inform your nurse or a registration representative. Please note that if you are not listed in our hospital directory, we will not confirm to those who ask for you at the visitors' desks or who call the operator that you are currently a patient. In addition, you will not be able to receive mail or flower deliveries.
If you are receiving mental health or substance use services in an inpatient behavioral health unit during this hospitalization, we will not disclose any information without your prior written authorization.
We may disclose the minimum necessary Medical Information about you to a family member, other relative, close personal friend or any other person you identify who is involved in your medical care. We also may disclose the minimum necessary information to someone who helps pay for your care. If you are able and available to agree or object, we will give you the opportunity to agree or object to such uses and disclosures. If you are not available or in the event of an emergency or other situation where you are not able to identify your chosen person(s) to receive communications about you, we may exercise our professional judgment to determine whether such a disclosure is in your best interest, who is the appropriate person(s) and what Medical Information is relevant to their involvement with your health care. We may also disclose your Medical Information to an organization, such as the American Red Cross which is assisting in a disaster relief effort, so that your family can be notified about your condition, status and location. We will also use our professional judgement and our experience with common practice to make reasonable inferences of your best interest in allowing a person to pick up filled prescriptions, medical supplies, X-rays or other similar forms of Medical Information.
Under certain circumstances, we may use or disclose your Medical Information to identify you as a potential candidate for a research study that has been approved by an Institutional Review Board. This approval is given after an evaluation of a proposed research project and its uses of Medical Information, and always with an effort to balance the requirements of sound research with patients' need for privacy of their Medical Information. We may disclose Medical Information about you to people preparing to conduct a research project, for example, to help them look for patients with specific medical needs, so long as the Medical Information they review does not leave the site. We may use or disclose your Medical Information without your consent or authorization if an Institutional Review Board or Privacy Board approves a waiver of authorization for disclosure.
We may use or disclose your Medical Information to prevent or lessen a serious and imminent threat to a person's or the public's health or safety.
We provide some services through other persons or companies that need access to your health information to carry out these services. The law refers to these persons or companies as our Business Associates. We may disclose, as allowed by law, your health information to our Business Associates so that they can do the job we have contracted with them to do. Examples of Business Associates include companies that assist with billing services or copying medical records. We may send other business associates called registries (such as a Cancer Registry) summarized information about patients who have been treated with similar problems such as cancer or trauma, to help physicians improve the quality of care for other patients with similar problems. We require through a written contract that our Business Associates use appropriate safeguards to ensure the privacy of your Medical Information.
Advocate Aurora Health is a not-for-profit organization that relies on charitable gifts to support its mission. In the continuing effort to enhance Advocate Aurora Health's capacity to conduct its mission of service to patients and families, periodic communications and invitations to donate may be sent to patients' families and friends of Advocate Aurora Health by the Advocate Charitable Foundation or Aurora Health Care Foundation. The law allows us to share minimal information about you with our fundraising foundations; however, we will not share your information with other organizations for fundraising purposes. If you do not wish to receive communications from Advocate Charitable Foundation, please write to Advocate Charitable Foundation, 3075 Highland Parkway Suite 600, Downers Grove Illinois 60515, call 630-929-6900, or email email@example.com. If you do not wish to receive communications from the Aurora Health Care Foundation, please visit Aurora.org/FoundationOptOut or call 877-460-8730.
Advocate Charitable Foundation, mission and spiritual care, Aurora Health Care Foundation representatives, or others on their behalf may on occasion visit you during your stay in the hospital in order to inquire about the quality of your stay or to offer any needed assistance. If you do not want Advocate Charitable Foundation or Aurora Health Care Foundation representatives, mission and spiritual care, or others on their behalf to be informed about your hospital stay, please inform your nurse or a registration representative during your stay at the hospital.
We may use and disclose your Medical Information to contact you at the address and telephone numbers you give us about scheduled or canceled appointments with your physicians or other health care team members, registration or insurance updates, billing and/or payment matters, information about patient care issues, treatment choices and follow-up care instruction, and other health-related benefits and services that may be of interest to you. This may include leaving messages at your home or on voicemail or mailing you postcard reminders. Such communications may be sent to you via text message or email, to the extent that we have been provided with a cell phone number or email address.
We may also use and disclose your Medical Information without your written permission for the following purposes:
Advocate Aurora Health participates in the About Health Organized Health Care Arrangement (OHCA), an organized system of health care in which more than one covered entity participates in the joint arrangement. The purpose of the participation includes conducting quality assessment and improvement activities, conducting utilization review, and performing other clinically integrated network activities. Your Medical Information may be shared with other About Health OHCA participants for these purposes.
We may disclose your Medical Information in the course of a judicial and administrative proceeding, in response to an order of a court or other tribunal to the extent that such disclosure is authorized and, in certain conditions, in response to a subpoena, discovery request or other lawful process.
We may disclose your Medical Information to the police or other law enforcement officials as part of law enforcement activities, in investigations of criminal conduct, in response to a court order, in emergency circumstances, or when otherwise required to do so by law.
We may disclose your Medical Information when required by law to do so.
We may disclose your Medical Information to organization for the purpose of disaster relief efforts.
We may release Medical Information about you to a coroner or medical examiner as necessary to identify a deceased person or to determine the cause of death. We also may release your Medical Information to funeral directors as necessary for them to carry out their duties.
If you are an organ donor, we may release your Medical Information to organizations that obtain organs or handle organ, eye or tissue transplantation. We may also release your Medical Information to an organ bank to arrange for organ or tissue donation and transplantation.
If you are a member of the military or a veteran, we may release your Medical Information to the proper authorities so they may carry out their duties under the law.
If you are an inmate in a correctional institution or in the custody of a law enforcement official, we may disclose Medical Information about you to the correctional institution or law enforcement official as necessary so that their duties can be carried out under the law.
We may disclose your Medical Information as allowed or required by state law relating to workers' compensation benefits for work-related injuries or illness or to other similar programs.
We may disclose your Medical Information for the following public health activities: (1) to report health information to public health authorities for the purpose of preventing or controlling disease, injury or disability; (2) to report child abuse and neglect to public health authorities or other government authorities authorized by law to receive such reports; (3) to report information about products and services under the jurisdiction of the U.S. Food and Drug Administration; (4) to alert a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading a disease or condition; and (5) to report information to your employer as required under laws addressing work-related illnesses and injuries or workplace medical surveillance. The appropriate government authorities may also be notified if we reasonably believe a patient has been the victim of elder abuse, neglect or domestic violence.
We may disclose your Medical Information to local, state or federal government authorities or agencies that oversee health care systems and ensure compliance with the rules of government health programs, such as Medicare or Medicaid and, under certain circumstances, to the U.S. Military or U.S. Department of State.
Other uses and disclosures of your Medical Information will be made only with your written permission unless otherwise permitted or required by law. If you provide us with permission to use or disclose Medical Information about you, you may revoke that permission in writing at any time. If you revoke your permission, we will no longer use or disclose Medical Information about you for the reasons covered by your written permission. Please understand that we are unable to take back any disclosures already made with your permission and that we are required to retain the records of the care provided to you.
We must obtain your written authorization for most uses and disclosures of psychotherapy notes, uses and disclosures of Medical Information for marketing purposes and disclosures that constitute the sale of Medical Information. Additionally, other uses and disclosures of Medical Information not described in this Notice will be made only when you give us your written permission on an authorization form (“Your Authorization”). For instance, you will need to sign and complete an authorization form before we can send your PHI to a life insurance company.
Federal and state laws require special privacy protections for certain highly confidential information about you (“Highly Confidential Information”). This Highly Confidential Information may include the subset of your Medical Information that is maintained in psychotherapy notes. Other Highly Confidential Information may include HIV test results, mental health or substance use information regulated by other laws. These state and federal laws may have more restrictive requirements. In most cases, in order for us to disclose your Highly Confidential Information for a purpose other than those permitted by law, we must have Your Authorization.
You may withdraw (revoke) Your Authorization or any written authorization regarding your Highly Confidential Information (except to the extent we have taken action in reliance upon it) by delivering a written statement to the Privacy Officer identified below.
You have the following rights regarding the Medical Information we maintain about you:
You may request access to your medical record and billing records maintained by us in order to inspect and request copies of the records. Under limited circumstances, we may deny you access to a portion of your records. If you would like to access your records, you must submit your request in writing.
If you request a copy of your Medical Information, we may charge you a cost-based fee, consistent with applicable state law, that includes labor for copying the Medical Information; supplies for creating the paper copy or electronic media if you request an electronic copy on portable media; our postage costs, if you request that we mail the copies to you; and if you agree in advance, the cost of preparing an explanation or summary of the Medical Information. If you are denied access to your Medical Information, you may request that the denial be reviewed. A licensed health care professional chosen by Advocate Aurora Health will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the decision that is the outcome of the review.
If you feel that the Medical Information we have on record is inaccurate or incomplete, you have the right to request an amendment as long as the information is kept by or for Advocate Aurora Health. If the Medical Information is kept by another hospital or provider, we cannot act on your request. You must contact them directly. Your request for an amendment must be in writing and must state the reasons for the request. The written request can be made using the amendment request form available in the medical records department at each Advocate Aurora Health site of care. We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. We are not obligated to make all requested amendments, but will give each request careful consideration. If your request is denied, you have the right to send a letter of objection that will then be attached to your permanent medical record. Please note that even if we accept your request, we may not delete any information already documented in your medical record.
You have the right to ask us for an “accounting of disclosures.” This is a listing of certain individuals or entities that have received your Medical Information from Advocate Aurora Health.
The listing will not cover Medical Information that was given to you or your personal representative or to others with your permission. In addition, it will not cover Medical Information that was given in order to:
Your request for an accounting of disclosures must be made in writing. The list you receive will include only the disclosures made for the time period indicated in your request, but may not exceed a six-year period prior to the date of your request. The first list you request within a 12-month period will be free. For additional lists, we may charge you for the reasonable costs associated with providing the list. We will notify you of costs involved. You may choose to withdraw or modify your request at any time before costs are incurred.
You have the right to ask us to restrict or limit the Medical Information we use or disclose about you for treatment, payment or healthcare operations. In addition, if you pay for a particular service in full, out-of-pocket, on the date of service, you may ask us not to disclose any related Medical Information to your health plan for payment or health care operations purposes. Unless required by law, we are not required to agree to all requests. If we do agree, we will comply unless the information is needed to provide emergency treatment. Requests for a restriction must be made in writing and may be submitted to the medical record department at the location where you receive health services, or at the point of care for requests for restrictions to your health plan for services that were paid out-of-pocket.
Upon your request, you may obtain a copy of this Notice, either by email or in paper format. To do so, please submit your request to Privacy Officer, Advocate Aurora Health, 3075 Highland Parkway, Suite 600, Downers Grove, Illinois 60515, phone: 630-929-5922 or to Privacy Officer, Advocate Aurora Health, 750 W. Virginia Street, Milwaukee, WI 53204, phone: 877-592-7996. You also may access a copy of this Notice on our web site at www.AdvocateAuroraHealth.org.
This Notice is effective on April 1, 2018, unless and until it is revised by Advocate Aurora Health.
We reserve the right to change our privacy practices, policies and procedures and our Notice of Privacy Practices at any time. We also reserve the right to make the revised privacy policies, procedures and Notice effective for Medical Information we already have about you as well as any information we receive in the future. We will post a copy of the current Notice in Advocate Aurora Health facilities and on our Internet site. You may also obtain any new notice by contacting the Privacy Officer. In addition, each time you register or are admitted to Advocate Aurora Health as an inpatient or outpatient, a copy of the current Notice will be available.
If you would like more information about your privacy rights, if you are concerned that we may have violated your privacy rights, or if you disagree with a decision that we made about access to your Medical Information, you may contact our Privacy Officer. Also, you may make a complaint by calling our Privacy Officer at 630-929-5922 for Advocate facilities or 877-592-7996 for Aurora facilities. You may also file written complaints with the Director, Office for Civil Rights of the U.S. Department of Health and Human Services. Upon request, the Privacy Officer will provide you with the correct address for the Director. We will not retaliate against you if you file a complaint with us or the Director.
You may contact the Chief Privacy Officer at:
Chief Privacy Officer
Advocate Health Care
3075 Highland Parkway, Suite 600
Downers Grove, Illinois 60515
Chief Privacy Officer
Aurora Health Care
750 W. Virginia Street
Milwaukee, WI 53204