HIPAA Notice of Privacy Practices *HIPAA: Health Insurance Portability and Accountability Act Effective Date: April 14, 2003; rev. Dec. 1, 2003; rev. Dec. 1, 2004; rev. Nov. 1, 2005; rev. Feb. 2006; rev. Apr. 2006; rev. Sept. 2010; rev. June 2013

HIPAA Notice of Privacy Practices - UVA Health System · PDF fileAcknowledgement of Receipt of the HIPAA Notice of Privacy Practices for the University of Virginia Health System

Medical Record Number:

Acknowledgement of Receipt of the HIPAA Notice of Privacy Practicesfor the University of Virginia Health System

Federal law requires that we obtain your written acknowledgement of receipt of the UVA Notice of Privacy Practices. Please sign below.

I acknowledge that I have received the UVA Notice of Privacy Practices.

Patient Name (Print):

Patient Date of Birth:

Legal Representative Name (Print) (if patient unable to sign):

Patient or Legal Representative Signature:


Please send completed forms to Health Information Services, University of Virginia Medical Center, P.O. Box 800476, Charlottesville, VA 22908-0476

PLEASE REVIEW IT CAREFULLY. If you have any questions about this notice, please contact the Corporate Compliance and Privacy Office at 434.924.2938.

This notice describes the priv­acy practices of the University of Virginia Health System,

including the UVA Medical Center, UVA Continuum Home Health Care and Infusion Services, the University of Virginia Physicians Group, the University of Virginia Transitional Care Hospital and:• Any health care professional authorized to enter

information into your medical record• Alldepartments,clinicsandunits• Anymemberofavolunteergroupweallowtohelpyouwhileyouareapatient

• AllHealthSystememployees,staffandotherpersonnel,and students

• TheVirginiaUrologicFoundation,UniversityofVirginiaCommunity Medicine LLC, and the University of Virginia Imaging Center LLC.

The Medical Center inpatient psychiatric unit gives patients a supplemental notice describing its practices. All of the above entities, sites and locations (the “Health System”)maysharemedicalinformationwitheachotherfor treatment, payment or operations purposes described in this notice.

We understand that medical information about you and your health is personal. We are committed to protecting

medical information about you. We create a record of the care and services you receive. We need this record to provideyouwithqualitycareandtocomplywithcertainlegal requirements. This notice applies to all of the records ofyourcaregeneratedbytheHealthSystem,whethermadeby hospital personnel or your personal doctor. This notice will tell you about theways inwhichwemay use anddisclose medical information about you. We also describe yourrightsandcertainobligationswehaveregardingtheuse and disclosure of medical information. Wearerequiredbylawtomakesurethatmedicalinformationthatidentifiesyouiskeptprivate;giveyouthisnoticeofourlegaldutiesandprivacypracticeswithrespecttomedicalinformationaboutyou;andfollowthetermsofthenoticethatiscurrentlyineffect.

Thefollowingcategoriesdescribedifferentways thatweuse anddisclose medical information. For each category of use or

disclosurewewillexplainwhatwemeanandgiveexamples.Not everyuse ordisclosure in a categorywill be listed.However, all of thewayswe are permitted to use anddiscloseinformationwillfallwithinoneofthecategories.

For Treatment. We may use medical information aboutyoutoprovideyouwithmedicaltreatmentorservices.Wewillprovidemedicalinformationaboutyoutodoctors,nurses, technicians, medical students, residents, or other personnelwhoareinvolvedintakingcareofyou.Forexample,adoctortreatingyouforabrokenlegmayneedtoknowifyouhavediabetesbecausediabetesmay slow thehealingprocess. In addition, the doctor may need to tell the dietician ifyouhavediabetessothatwecanarrangeforappropriatemeals. Differentdepartmentsof theHealthSystemalsomay share medical information about you in order to coordinatethedifferentthingsyouneed,suchasprescriptions,laboratorywork and x-rays. Wemay use and disclosemedical information about you in order to communicate withyouabout available treatment--for instance, to sendyouappointmentorprescriptionrefillreminders,ortoofferwellnessandothereducationalprograms,ortotellyouaboutor recommend possible treatment options or alternatives that may be of interest to you. We may also disclose medical information about you to people outside theHealthSystemwhoprovideservices that are related to your care, such as home health agencies or medical equipment suppliers.

For Payment. We may use and disclose medical information about you so that the treatment and services you receive may be billed to and payment may be collected fromyou,aninsurancecompanyoranotherthirdparty.Forexample,wemayneedtogiveyourhealthplaninformationabout your surgery so your health planwill pay us orreimburse you for the surgery. We may tell your health plan about a treatment you are going to receive, to obtain priorapprovalortodeterminewhetheryourplanwillcovertherestofthetreatment.Ifyoudonotwantyourhealthplantoreceiveinformationabouttreatmentforwhichyouhave paid in advance, see “Right to Request Restrictions” on page 4 of this notice.

For Health Care Operations. We may use and disclose medical information about you for health care operations. These uses and disclosures are necessary to run theHealthSystemandmakesurethatallofourpatientsreceive quality care. For example,wemayusemedicalinformationtoreviewourtreatmentandservicesandtoevaluate the performance of our staff in caring for you.We may also combine medical information about many patients to decidewhat additional services theHealthSystem should offer,what services are not needed, andwhethercertainnewtreatmentsareeffective.Wemayalsoprovide information to doctors, nurses, technicians, medical and nursing students, and other personnel and trainees for reviewandlearningpurposes.Wemayalsocombinethemedical informationwehavewithmedical informationfromotherhospitalstocomparehowwearedoingandseewherewecanmakeimprovementsinthecareandservices

How We May Use and Disclose Medical Information About You.


Who Will Follow This Notice.

Our Pledge Regarding Medical





weoffer.Wemayremoveinformationthatidentifiesyoufrom this set of medical information, so that others may useittostudyhealthcareandhealthcaredeliverywithoutlearningwhoyouare.

Business Associates. There are some services providedinourorganizationthroughcontractswithbusinessassociates. Examples include computermaintenancebyoutside companies and transcription of medical records by outside medical records services. Where these services arecontracted,wemaydiscloseyourhealthinformationtoourbusinessassociatessothattheycanperformthejobwehaveaskedthemtodo.Similarly,therearedepartmentsof the University that provide services to us, and may need access to your health information to do their jobs. We require business associates and other UVA departments to appropriately safeguard your information and to notify us of any breaches to your health information.

Fundraising Activities. Wemayusethefollowinginformation to reach you in an effort to encourage donations for the Health System. We also may disclose this information to a foundation related to the Health System so that the foundation may contact you to encourage donations. This means your name, address, phone number and other contact information, age, gender, insurance status, the names of your physicians, the dates you received treatment or services at the hospital, and the departmentswhere you received treatment or services.It does not include information about your diagnosis or treatment,exceptthatwemayuseordisclosetoarelatedfoundation limited information regarding the outcome of your treatment for screening purposes. You have the right to opt out of receiving contacts for fundraising. If you do notwantthehospitaltocontactyouforfundraisingefforts,you may notify the Health System Development Office at 800.297.0102 or 434.924.8432.

Inpatient Directory Information. Unless you notifyusthatyouobject,wewilluseyourname,locationinthe hospital, and general condition to respond to questions aboutyoufrompersonswhoaskforyoubyname,ifyouareaninpatient. Ifyoudonotwantsomeorallofthisinformation used for this purpose during your current hospital stay, please notify the Bed Coordination Center at434.243.9931,orifyouwanttopermanentlyrestrictthisuse, please notify the Admitting Office at 434.924.9231. This information and your religious affiliation also may beprovidedtomembersoftheclergy.Ifyoudonotwantsome or all of this information provided to members of the clergy, please notify the Admitting Office at 434.924.9231.

Individuals Involved in Your Care or Payment for Your Care. We may release information about you to afamilymemberorfriendwhoisinvolvedinyourcare,or the payment for your care. We may tell your family or friends your condition and that you are in the hospital. We may disclose medical information about you to an entity assistinginadisasterreliefeffortsothatyourfamilycanbenotified about your condition, status and location.

Other Care Providers. We may disclose medical informationtohealthcareprofessionalswhohavecaredor currently are caring for you, such as rescue squads, a referring hospital and its physicians, or a nursing home medicaldirector,forthemtouseintreatingyou,seekingpayment for treatment, and certain health care operations, such as evaluating the quality of their care and the performanceoftheirstaff,providingtraining,andlicensingandaccreditationreviews.

Research. Under certain circumstances, wemay use and disclose medical information about you for researchpurposes. For example, a researchprojectmayinvolve comparing the health and recovery of all patients whoreceiveonemedicationtothosewhoreceivedanotherfor the same condition. We also may retain samples from tissue or blood and other similar fluids normally discarded after a medical procedure, for later use in research projects. Alltheseresearchprojects,however,aresubjecttoaspecialapproval process. This process evaluates a proposed research project and its use of medical information, trying to balancetheresearchneedswithpatients’needforprivacyoftheirmedical information. Beforeweuseordisclosemedical information for research, the projectwill havebeen approved through this research approval process. In somecases,yourauthorizationwouldberequired.Inothercases itwouldnot,wherethereviewprocessdeterminesthattheprojectcreates,atmost,aminimalrisktoprivacy.We may also disclose medical information about you to peoplepreparingtoconductaresearchproject,forexample,tohelpthemlookforpatientswithspecificmedicalneeds,solongasthemedicalinformationtheyreviewdoesnotleave the Health System. And if a research project can be doneusingmedicaldatafromwhichalltheinformationthat identifies you (such as your name and medical record number)hasbeenremoved,wemayuseorreleasethedatawithoutspecialapproval.Wealsomayuseorreleasedataforresearchwithafewidentifiersretained--datesofbirth,admission and treatment, and general information about whereyoulive(notyouraddress),withoutspecialapproval.However,inthiscasewewillhavethosewhoreceivethedata sign an agreement to appropriately protect it.

As Required by Law. Wewilldisclosemedicalinformationaboutyouwhenrequiredtodosobyfederal,stateorlocallaw.

To Avert a Serious Threat to Health or Safety. We may use and disclose medical information about you whennecessarytopreventanimmediate,seriousthreattoyour health and safety or the health and safety of the public oranotherperson.Anydisclosure,however,wouldonlybeto someone able to help prevent the threat.

Organ and Tissue Donation. If you are an organ

donor,wemayreleasemedicalinformationtoorganizationsthat handle organ or tissue procurement or to an organ donationbank, to further organor tissuedonation andtransplantation.



Military and Veterans. If you are a member of the armedforces,wemayreleasemedicalinformationaboutyou as required by military command authorities. We may also release medical information about foreign military personnel to the appropriate foreign military authority.

Workers’ Compensation. We may release medical

informationaboutyouforworkers’compensationorsimilarprograms. These programs provide benefits forwork-related injuries or illness.

Public Health Risks. We may disclose medical information about you for public health activities. These activitiesgenerallyincludethefollowing:• Topreventorcontroldisease,injuryordisability;• Toreportbirthsanddeaths;• Toreportendangeringdisabilitiesofdriversandpilots;• Toreportabuseorneglectofchildren,theelderlyandincompetentpatients;

• To report reactions tomedications or problemswithproducts;tonotifypeopleofrecallsofproductstheymaybe using.

Health Oversight Activities. We may disclose medical information to a health oversight agency for activities authorized by law. These oversight activitiesinclude,forexample,audits,investigations,inspections,andlicensure. These activities are necessary for the government to monitor the health care system, government programs, andcompliancewithcivilrightslaws.

Lawsuits and Disputes. If you are involved in a lawsuitoradispute,wemaydisclosemedicalinformationabout you in response to a court or administrative order. We may also disclose medical information about you in responsetoasubpoena,discoveryrequest,orotherlawfulprocess by someone else involved in the dispute, but only ifeffortshavebeenmadetotellyouabouttherequestorto obtain an order protecting the information requested.

Law Enforcement. We may release medical informationifaskedtodosobyalawenforcementofficial:• Inresponsetoacourtorder,subpoena,warrant,summonsorsimilarprocess;

• Aboutadeathwebelievemaybetheresultofcriminalconduct;

• Aboutcriminalconductatthehospital;and• Aboutwoundsmadebycertainweapons.

Medical Examiners and Funeral Directors. We mayreleasemedical information toamedicalexaminer.Thismaybenecessary,forexample,toidentifyadeceasedperson or determine the cause of death. We may also release medical information about deceased patients of the hospital to funeral directors as necessary to carry out their duties.

You have the followingrights regarding medical information wemaintainabout you:

Right to Inspect and Copy. You have the right to inspect or receive a copy of your medical and billing records, or to have a copy sent to another person designated by you. You may request copies of records in an electronic format, and if the records are available in that format, they willbeprovidedinit.Iftheyarenot,wewillprovideanalternateformat.Formedicalrecords,youmustsubmitasignedauthorizationformtoHealthInformationServices,UniversityofVirginiaMedicalCenter,P.O.Box800476,Charlottesville,VA22908-0476,orbyfaxat434.243.5995.AuthorizationformsandinstructionsareavailableontheMedicalCenter’swebsiteathttp://uvahealth.com/patients­visitors­guide/medical­records. Call434-924.5136withanyquestions.ForbillingrecordsyoumaywritetoPatientFinancialServices,P.O.Box800750,Charlottesville,VA22908-0750,orcall800.523.4398.Forphysicianbills,youmaywritetotheUniversityofVirginiaPhysiciansGroupatP.O.Box9007,Charlottesville,VA22906-9007,orcall434.980.6110or800.868.6600.Ifyourequestacopyoftheinformation,wemaychargeafeeforcostsofcopyingand mailing.

We may deny your request to inspect and copy in certain very limited circumstances. If you are denied access to medical information, you may request that the denial be reviewed. Another licensed health careprofessionalchosenbythehospitalwillreviewyourrequestandthedenial.Thepersonconductingthereviewwillnotbethepersonwhodeniedyourrequest.Wewillcomplywiththeoutcomeofthereview.

Right to Amend. If you feel that medical informationwehaveaboutyouisincorrectorincomplete,youmay ask us to amend the information. You havethe right to request an amendment for as long as the informationiskeptbyorfortheHealthSystem.Torequestanamendment,yourrequestmustbemadeinwritingandsubmitted to Health Information Services, University of VirginiaMedicalCenter,P.O.Box800476,Charlottesville,VA,22908-0476.Inaddition,youmustprovideareasonthat supports your request. We may deny your request if youaskustoamendinformationthat:• Wasnotcreatedbyus,unlessyoucanshowthepersonor

entity that created the information is no longer available tomaketheamendments;ifso,wewilladdyourrequesttotheinformationrecords;

• IsnotpartofthemedicalinformationkeptbyorfortheHealthSystem;

• Isnotpartoftheinformationwhichyouwouldbeper­mittedtoinspectandcopy;or

• Isaccurateandcomplete.

Right to an Accounting of Disclosures. You have the right to request an “accounting of disclosures.” This is a list of disclosures of medical information about youthatwerenotfortreatment,payment,orhealthcareoperationsandofwhichyouwerenotpreviouslyaware. To request this list of accounting of disclosures, you mustsubmityourrequestinwritingtoHealthInformationServices,UniversityofVirginiaMedicalCenter,P.O.Box800476,Charlottesville,VA22908-0476. Your requestmuststatea timeperiodwhichmaynotbe longer thansixyearsandmaynotincludedatesbeforeApril14,2003.

Your Rights Regarding Medical

Information About You.

Yourrequestshouldindicateinwhatformyouwantthelist(forexample,onpaperorelectronically).Thefirstlistyourequestwithina12monthperiodwillbefree. Foradditionallists,wemaychargeyouforthecostsofprovidingthelist.Wewillnotifyyouofthecostinvolvedandyoumaychoose towithdrawormodifyyour requestat thattime before any costs are incurred.

Right to Request Restrictions. You have the right to restrict disclosure of health information to your healthplanforservicespaidoutofpocketinfullpriortothe service being provided. This restriction applies only if the disclosure is to a health plan for purposes of payment or health care operations and the protected health information relatestoahealthcareitemorserviceforwhichthehealthcareproviderhasbeenpaidinfullpriortotheservices.Talktotheclinicstafforyourphysiciantoexercisethisright.

You have the right to request other restrictions on our use or disclosure of medical information about you for treatment, payment or operations purposes, or disclosure of healthinformationaboutyoutosomeonewhoisinvolvedin your care or the payment for your care. We are not requiredtoagreetoyourrequestfortheserestrictions.Forinstance,wewillnotbeabletoagreetorequeststhatwecannotreasonablycarryout,orthatwouldinterferewithyour treatment such as restricting your referring or primary carephysician’s access to yourhealth information. Ournormal process is to immediately send records of your visit to your referring physician. Requests to restrict disclosures of health records to other persons may be made by calling Health Information Servicesat434.924.5136.Requeststorestrictdisclosuresof Medical Center billing and payment records may be madebycallingPatientFinancialServicesat434.924.5377.Requests to restrict disclosure of physician billing and payment records may be made by calling the UVA PhysiciansGroupat434.980.6134.Ifweagree,wewillcomplywithyourrequestunlesstheinformationisneededto provide you emergency services.

Right to Request Alternative Communications. Youhavetherighttorequestthatwecommunicatewithyouaboutmedicalmattersinacertainwayoratcertainlocations.Forexample,youcanaskthatweonlycontactyouatworkorbymail.Torequestalternativecommunications,youmustmake your request inwriting—contact theAdmittingOfficeat434.924.9231forinstructionsonhowtomakeyourrequest.Wewillnotaskyouthereasonforyourrequest.Wewillaccommodateallreasonablerequestswithinourtechnicalcapabilities.Yourrequestmustspecifyhoworwhereyouwishtobecontacted.

Right to Receive Notice of Any Breach. You have therighttoreceivewrittennoticefromusiftherehasbeena breach of your identifiable health information.

Right to a Paper Copy of This Notice. You have the right to a paper copy of this notice at any time. Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice. You may obtainacopyofthisnoticeatourwebsite,http://uvahealth.

com/patients­visitors­guide. To obtain a paper copy of this notice, contact the Admitting Office at 434.924.9231.

We reserve the right to change this notice, andmake the changed noticeeffective formedical informationwealready have about you aswell as any

informationwereceiveinthefuture.Wewillpostacopyofthe current notice in select registration and admission areas andotherkey locations throughout theHealthSystem,andonourwebsite.Thisnoticewillcontaintheeffectivedate on the first page. In addition, each time you register at or are admitted to the Health System for treatment or healthcareservicesasaninpatientoroutpatient,wewillhave copies of the current notice available on request.

If you believe your privacy rights have been violated,youmayfileacomplaintwiththeHealthSystemorwiththeSecretary

of the Department of Health and Human Services. To file a complaint, contact the Patient Representative Department at 434.924.8315. All complaintsmust be submitted inwriting.Youwillnotbepenalizedforfilingacomplaint.

Other uses and disclosures of medical information not covered by this notice orthelawsthatapplytouswillbemade onlywith yourwritten permission (an“authorization”). In particular,most

usesanddisclosuresofmedicalinformationformarketingpurposes, most disclosures in return for payment, and most uses and disclosures of psychotherapynoteswouldrequireyour authorization. If you give us permission to use or disclose medical information about you for a particular purpose, youmayrevokethatpermission,inwriting,atanytime by contacting the Corporate Compliance & Privacy Office at434.924.2938.Ifyourevokeyourpermission,wewill no longer use or disclose medical information about you forthereasonscoveredbyyourwrittenauthorization.You understand that we are unable to take back anydisclosures wehavealreadymadewithyourpermission,andthatweare required to retain our records of the care thatweprovided to you.

The Health System may collect your social security number. We use social security numbers for identification and verifications (for example, to provide

therightmedicalrecordwhentwopatientshavethesamename). We also are required to collect social security numbersbyVirginialaw(Va.Code58.1-521)foruseifneededintheadministrativeoffsetprogram.Someothergovernmental programs, such as Medicaid, require social security numbers. Providing a social security number is voluntary,exceptforapplicantstogovernmentalprogramsthat require it. The privacy practices in the Notice apply to your social security number.

For more information, contact theCorporate Compliance & Privacy Office at 434.924.2938.


Changes to this Notice.


Other Uses of Medical


Social Security

