Our principal goal at Aurora Health Care, Inc. is to keep you healthy and to offer services that will meet your needs. In order to perform these services, we collect, create, use and disclose information about you. We are dedicated to keeping your health information private, in accordance with federal and state law. As required by the federal Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), we provide you with this notice of our legal duties with respect to health information. We are required to follow the terms of this notice currently or any revision to it that is in effect. We reserve the right to make changes to this notice as allowed by law. Changes to our privacy practices will apply to all health information we maintain.
If we change this notice, you can access the revised notice using one of these options:
How We May Use and Disclose Your Health Information
We may use your health information and disclose it to appropriate persons, authorities and agencies, as allowed by federal and state law. We may do this without your written permission for the following purposes:
Treatment. As we treat you or for others who provide treatment to you, we may need to use and disclose your health information to other health care providers from within or outside of Aurora Health Care, Inc. For example, a doctor may use the information in your medical record to find the best treatment option for you or a pharmacist may call your doctor to ask questions about a prescription. In some cases, our staff may use or disclose your health information to help your doctor and our health care team manage your disease. To facilitate access to information for the treatment purposes of shared patients, Aurora may participate in the electronic exchange of health information with other entities.
Payment. We may use your health information and disclose it to insurance companies or employer health plans, and to others in order to receive payment for your bill. For example, we must submit a bill to your insurance company that states your name, what is wrong with you, how we are treating you, and other information in order for us to receive payment. In certain situations, we may disclose your health information to a collection agency if a bill is not paid. Additionally, we may also disclose your health information to another health care provider for their payment related activities.
Health Care Operations. We may use the information in your medical record to help us improve the quality or cost of the care we give, or to respond to appropriate questions about the care provided. For example, we may study how doctors and nurses manage patient treatment after surgery, to learn the best way to help patients recover. We may use your health information to look at the care you received from doctors, nurses, pharmacists or other health care professionals. We may use your health information for our accreditation activities. We may disclose your health information to another health care professional or covered entity that you have seen so they may improve their quality or cost, or for their other health care operations purposes.
Reminders and Information Sharing. We may use your health information to remind you of an appointment or to tell you about treatment options or health products and services that may be of interest to you. For example, we may send you a letter telling you about a new health care facility that is opening in your area.
Fundraising. In support of our charitable mission, we may use your health information (for example, your name, address, phone number, treatment dates and treating physician) to contact you about supporting our fundraising efforts. Through philanthropy, we seek to advance our patient care programs and services. For example, we use charitable gifts to fund heart and cancer research and needed charity care. You have a right to opt-out of receiving fundraising communications.
Other Ways We May Disclose Your Health Information
We may also use and disclose your health information without your written permission for the following purposes:
Hospital Patient Directory. If you are hospitalized, we may keep brief information about you in our directory. Unless you tell us otherwise, we may disclose where you are in our facility (for example, your room or phone number) and your general health condition (for example, "stable" or "good") to anyone who asks for you by name. We will also disclose your religious affiliation to clergy, even if they do not ask for you by name.
Family and Friends for Care and Payment. Unless you request otherwise, your health information may be disclosed to your family members, relatives, close friends or others who are helping care for you or helping you pay your medical bills. For example, we may tell these people where you are and how you are doing. If you are able and available to agree or object, we will give you the opportunity to agree or object to such uses and disclosures. If you are not available or in the event of your incapacity or emergency circumstances, we will disclose health information using our professional judgment - disclosing only information that is directly relevant to the person's involvement in your health care or payment for your health care. We will also use our professional judgment and our experience with common practice to make reasonable inferences of your best interest in allowing a person to pick up filled prescriptions, medical supplies, X-rays or other similar forms of health information.
Disaster Relief Efforts. We may disclose your health information to organizations for the purpose of disaster relief efforts.
Required by Law. We may disclose your health information when required by law to do so.
Public Health. We may disclose your health information to authorities to help prevent or control disease, injury, or disability. For example, we are required to report certain diseases (for example, cancer), injuries, birth or death information, and information of concern to the Food and Drug Administration (FDA) and the State of Wisconsin. We may also report work-related illnesses and injuries to your employer for workplace safety purposes.
Reporting Victims of Abuse or Neglect. We may disclose your health information, if we believe you have been a victim of abuse or neglect, to a government authority if required or allowed by law, or if you agree to the disclosure.
Health Care Oversight. We may disclose your health information to authorities and agencies for oversight activities allowed by law, including audits, investigations, inspections, licensing, disciplinary actions, or legal proceedings. These activities are necessary for oversight of the health care system, government programs and civil rights laws.
Legal Proceedings. We may disclose your health information in the course of certain legal proceedings. For example, we may disclose your information in response to a court order.
Law Enforcement. We may disclose your health information to law enforcement officials for specific purposes. For example, we may disclose your health information when required by law to report certain injuries.
Death. We may disclose your health information to coroners, medical examiners (for example, to find out the cause of death) and funeral directors so they can carry out their duties.
Organ, Eye or Tissue Donation. We may disclose information to people involved in obtaining, storing or transplanting donated organs, eyes or tissue.
Research. We may disclose your health information to researchers who have received approval from the Aurora Health Care, Inc. Institutional Review Board or other institutional review boards contracted by Aurora to conduct a specific research project. These researchers agree not to disclose information that would allow you to be identified, except as allowed by law. For example, a research study may measure the success of a treatment or medication in treating or curing a targeted illness or condition.
Under state and federal law, we may use, keep and share for our research purposes "de-identified" health information, which is not considered private information because it does not identify you. Our research data warehouse stores health information that can be tracked back to the patient to whom it pertains only through a code; and access to the code is restricted to specified and specially trained Aurora caregivers who do not have any responsibility for research or patient care. De-identified health information is used by Aurora researchers to study disease and treatments, and may be shared with other approved users of the research data warehouse to develop new research proposals, treatments or commercial products. Using this tool, we hope to improve our ability to offer patients the opportunity to participate in clinical trials if they wish, and to improve long-term analyses that may help to improve the effectiveness and safety of health care. If you do not want your de-identified research information to be included in our RAPID program, you must contact us toll-free at 855-229-0926. We will stop including your de-identified information, but we will not be able to remove your de-identified information that has already been included.
Serious Threats to Health or Safety. We may disclose your health information to the proper authorities if we believe in good faith that this will help prevent or lessen a serious threat to your or the public's health or safety. We do so as allowed by law and standards of ethical conduct.
Military, National Security, Law Enforcement Custody. We may disclose your health information to the proper authorities so they may carry out their duties under the law. This applies if you are or were involved with the military, national security or intelligence activities. It also applies if you are in the custody of law enforcement officials or an inmate in a correctional institution.
Workers' Compensation. We may disclose your information in order to comply with the laws related to Workers' Compensation or similar programs. These programs may provide benefits for work-related injuries or illness.
We may use or disclose your information only with your written permission, except as described in the previous sections. If you give us your permission, you may withdraw such permission at any time by notifying us in writing, except if we have already taken action based upon your permission.
Disclosures Requiring Your Permission
Other uses and disclosures not described in the previous sections of this notice may be made only with your permission. Specifically, we would be required to obtain your permission for the following types of uses and disclosures:
Marketing. We would obtain your permission before using or disclosing your health information for marketing purposes, except if the communication is made face-to-face with you or involves providing you with a promotional gift of nominal value.
Sale of Information. We would obtain your permission before making any disclosure that constitutes a sale of health information.
Psychotherapy Notes. For our entities that provide behavioral health services and maintain psychotherapy notes as defined by the HIPAA privacy rules, we would obtain your permission for most uses and disclosures of psychotherapy notes. Psychotherapy notes are very specific types of notes recorded by a mental health professional documenting or analyzing the contents of conversation during counseling sessions and kept separate from the rest of the medical record.
Withdrawing Your Permission
In circumstances that require your permission, you may withdraw such permission at any time by notifying us in writing. If you withdraw your permission, we will no longer use or disclose your health information for the purposes specified in the authorization, except if we have already taken action based upon your permission.
A Note on Other Restrictions
Please be aware that state and federal law may have more requirements than HIPAA on how we use and disclose your health information. If there are specific, more restrictive requirements, even for some of the purposes listed above, we may not disclose your health information without your written permission as required by such laws. For example, we will not disclose your HIV test results without obtaining your written permission, except as permitted by state law. We may also be required by law to obtain your written permission to use and disclose your information related to treatment for a mental illness, developmental disability, or alcohol or drug abuse.
There may be other restrictions on how we use and disclose your health information than those listed above. We believe state and federal laws discussing such restrictions are Wisconsin Statutes Sections 146.82, 51.30, 252.15, and 905.04; Wisconsin Administrative Code DHS 92 and 124.14; and 42 C.F.R. Part 2 and 45 C.F.R. Parts 160 and 164; Illinois Statutes Sections 20 ILCS 301/1, 410 ILCS 50/0.01, 410 ILCS 305/1, 410 ILCS 513/1, 740 ILCS llO/1 and Illinois Administrative Code 77 Ill. Adm. Code Part 697.
Your Health Information Rights
As a patient or customer who receives health care services from Aurora Health Care, Inc., you have the right to:
Read and copy your health information. With a few exceptions, you have the right to read and obtain a copy of your health information. We may charge you a reasonable fee if you want a copy of your health information. If we deny your request to review or obtain a copy, you may submit a written request for a review of that decision. If you request an electronic copy and the health information you are requesting is maintained electronically, we would provide the copy electronically in the form you request if it is readily producible, or if not, in an agreed upon readable electronic form. You have a right to request, in writing, that we transmit a copy of your health information directly to another individual.
Request to correct your health information. If you believe there is an error in your health information or something has been left out, you may ask us to correct the information. You must make the request in writing and give the reason why your health information should be changed. If we did not create the information you believe is incorrect, or if we disagree with you and believe your health information is correct, we will deny your request. You may appeal to us in writing if we deny your request.
Request to restrict certain uses and disclosures of your information. You have the right to request in writing that we restrict how your health information is used or disclosed. For most requests, under the law, we are not required to agree to your request. In some cases, we may not be able to agree to your request because we do not have a way to tell everyone who would need to know about the restriction. There are other instances in which we are not required to agree with your request. We will inform you when we cannot find a way to carry out your request. You have the right to request restrictions to the disclosure of your health information to a health plan when the disclosure is for the purpose of carrying out payment or health care operations and is not otherwise required by law. We will agree to these requests if the information to be restricted pertains solely to a health care item or service for which you or another person on your behalf (other than a health plan) has paid out of pocket in full. You may request a restriction in these ways:
Receive information at a different place or by different means. You have the right to ask that we send information to you in different ways or at different places. For example, you may wish to receive a test result at an address other than your home address. We will grant reasonable requests.
Receive a record of how we disclosed your health information. You have the right to ask us in writing for a list of places or persons to whom your health information was disclosed during the past six years. The list will contain the date your health information was disclosed to others, who received the information, a brief description of what was disclosed and why. However, the list will not include disclosures for the following purposes: treatment, payment, health care operations, hospital/nursing home patient directories, family and friends for care and payment, national security or intelligence, and law enforcement/ corrections. In addition, the list will not include information that was disclosed to you and to others with your permission, incidental disclosures and disclosures of limited or de-identified health information. We must provide you the list within 60 days of your request, unless you agree to a 30-day extension. You will not be charged for this list, unless you request more than one list per year.
Receive notification of a breach. We take the privacy and security of your health information seriously and have policies and safeguards in place to protect against unauthorized access, use or disclosure. Following any breach of unsecured health information, we will notify any affected individuals as required by law.
Obtain a paper copy of this notice. Upon your request, you may at any time receive a paper copy of this notice. This notice is available at the registration desks and customer service counters of all our facilities.
File a complaint. You have the right to file a complaint with us if you believe your privacy rights have been violated. To file a complaint, call the Chief Privacy Officer at 877 -592-7996. You also have the right to complain to the United States Secretary of the Department of Health and Human Services. We will not take any action against you for filing a complaint.
Contact for information, questions or concerns
If you have questions or concerns about your privacy rights, Aurora Health Care Inc's privacy-related policies or the information contained in this notice, please contact our Chief Privacy Officer at 877 -592-7996.
Who Will Use This Notice to Meet Federal Law Notice Requirements?
Aurora Health Care, Inc., through owned and controlled corporate and limited liability affiliates and employees of such entities, provides health care to patients, residents and clients jointly with health care providers and other organizations. The following persons and entities, who have agreed to be bound by this notice, will jointly use this notice for convenience to meet federal law requirements; provided that, each person and entity is solely and separately responsible and liable for complying with this notice and applicable law (and Aurora Health Care, Inc. and its affiliates are only liable for their own violations):
This notice is effective on and after September 1, 2013, unless and until it is revised by Aurora Health Care, Inc.
Aurora Health Care
750 W. Virginia Street
Milwaukee, WI 53204