Sentara HealthCare Integrated Notice of Privacy Practices
Effective Date: June 2, 2005. Revised: August 1, 2016
This notice describes how medical information about you may be used and disclosed, and how you can get access to this information. Please review it carefully.
If you have any questions about this notice, please contact the office of the Sentara Privacy Contact Person.
Sentara HIPAA Privacy Contact Person
PO Box 2200
Norfolk, VA 23501
Who Will Follow This Notice.
This notice describes Sentara Healthcare’s privacy practices including:
- All divisions, affiliates, facilities, medical groups, departments and units of Sentara Healthcare;
- Any member of a volunteer group we allow to help you while you are in a Sentara Healthcare facility;
- All employees, staff and other Sentara Healthcare personnel; and
- Sentara hospital-based residents, medical students, physicians and physician groups with regard to services provided and medical records kept at a Sentara facility (all together “Sentara” or “we”).
Our Pledge Regarding Medical Information:
We understand that medical information about you and your health is personal. We are committed to protecting medical information about you.
We create a medical record of the care and services you receive at Sentara care sites. We need this record to provide you with quality care and to comply with certain legal requirements.
This notice applies to all of the Sentara Healthcare medical records of your care generated by a Sentara entity, whether made by Sentara personnel or your personal provider. Your personal provider may have different policies or notices regarding the doctor's use and disclosure of your medical information created in the doctor's office or clinic.
This notice tells you about the ways in which we may use and disclose your medical information. It also describes your rights and certain obligations we have regarding use and disclosure of information.
We Are Required By Law to:
- Make sure that all of your medical information and that which identifies you is kept private;
- Give you this notice of our legal duties and privacy practices; and
- Follow the terms of the notice that is currently in effect.
How We May Use and Disclose Medical Information About You.
The following categories describe different ways that we use and disclose medical information. For each category of uses or disclosures we will explain what we mean and give examples. Not every use or disclosure in a category will be listed, however all of the ways we are permitted to use and disclose information fall within one of the categories.
- For Treatment. We may use medical information about you to provide you with medical treatment or services. We may disclose medical information about you to doctors, nurses, technicians, medical students, or other Sentara personnel and care providers who are involved in your care. Among those caring for you are medical, nursing and other health care personnel in training who, unless you request otherwise, may be present during your care as part of their education. We may use still or motion pictures and closed circuit television monitoring of your care. We may also share medical information about you in order to coordinate the different things you need, such as prescriptions, lab work, X-rays and emergency medical transportation, as well as with family members or others providing services that are part of your care.
- For Payment. Sentara may use and disclose your medical information so that it or other entities involved in your care may obtain payment from you, an insurance company or a third party for treatment and services you receive. We and your physician(s) may disclose your medical information to any person, Social Security Administration, insurance or benefit payor, health care service plan or workers’ compensation carrier which is, or may be, responsible for part or all of your bill. For example, we may give your insurer information about surgery you received at a Sentara hospital so they will pay us or reimburse you. We may also tell your insurer about a treatment you are going to receive to obtain prior approval, to determine whether your plan will cover the treatment, or to resolve an appeal or grievance. Information on members of Sentara managed care plans may be used and disclosed to determine if services requested or received are covered benefits under its insurance, and to underwrite your group’s health plan. Sentara is required to agree, if you request, to restrict disclosure of PHI to a health plan for any healthcare item or service which you have paid in full out of pocket.
- For Health Care Operations. We may use and disclose medical information about you for our health care operations. These uses and disclosures are necessary to run Sentara and make sure that all of our patients and members receive quality services. For example, we may use medical information to review our treatment and services, to evaluate the performance of our staff, and to survey you on your satisfaction with our treatment and/or services. We may combine medical information to decide what additional services or health benefits Sentara should offer, what services are not needed, and whether certain new treatments are effective. We may disclose information to doctors, nurses, technicians, students training with Sentara, and other Sentara personnel for review and learning purposes. We may combine the medical information we have with medical information from other health care entities to compare how we are doing and see where we can make improvements in the care and services we offer. Sentara may also disclose information to private accreditation organizations, including, but not limited to, the Joint Commission on Accreditation of Healthcare Organizations and the National Committee, Det Norske Veritas (DNV) Hospital Accreditation Program, Quality Assurance, or other accreditation entities, in order to obtain accreditation from these organizations. We may use your information to credential providers in our health plan network and to grant hospital privileges to providers. We may also provide to others de-identified information that does not identify you, to be used in healthcare studies.
- Appointment Reminders. We may use and disclose your information to remind you of an appointment at a Sentara location.
- Treatment Alternatives. We may use and disclose medical information to tell you about or recommend possible treatment options or alternatives that may be of interest to you.
- Health-Related Benefits and Services. We may use and disclose your information to tell you about health related benefits or services.
- Fundraising Activities. We may use and disclose medical information about you so that we or a foundation related to Sentara may contact you in an effort to raise money for Sentara. We only release information such as your name, address and phone number and the dates you received treatment or services. You have the right to be removed from any fundraising listing so that you will not be contacted. Opting out of fundraising activities will in no way affect any access or level of care to any patient. Once a patient opts-out of the fundraising listing, Sentara Healthcare will avoid contacting you unless the patient at a later time decides to opt-in for fundraising contact. Opting out or in for fundraising can be done by phone or email.
- Hospital Directory. We may include your name, location in the hospital, and your general condition (e.g., fair, stable, etc.) in the hospital directory while you are a patient at a Sentara hospital. The directory information may be released to people who ask for you by name so your family, friends and clergy can visit you in the hospital and generally know how you are doing. You may ask to restrict some or all of the information contained in the directory.
- Research. Under certain circumstances, we may use and disclose medical information about you for research purposes. All research projects, must be reviewed and approved by either an institutional review board (IRB) or privacy board. In limited situations, your medical information may be reviewed by a researcher preparing to conduct a research study.
- As Required By Law. We will disclose medical information about you when required to do so by federal, state or local law. This includes, but is not limited to, disclosures to mandated patient registries.
- To Avert a Serious Threat to Health or Safety. We may use and disclose medical information about you to a person able to help prevent a serious threat to your health and safety or the health and safety of the public or another person.
- To Sponsors of Group Health Plans. We may disclose your medical information to the sponsor of a self-funded group health plan, as defined under ERISA. We may also give your employer information on whether you are enrolled in or have dis-enrolled from a health plan offered by the employer.
- Marketing. We must obtain your prior written authorization to use your protected health information for marketing purposes except for a face-to-face encounter or a communication involving a promotional gift of nominal value. We are prohibited from selling lists of patients and enrollees to third parties or from disclosing protected health information to a third party for the marketing activities of the third party without your authorization. We may communicate with you about treatment options or our own health-related products and services. For example, our health care plans may inform patients of additional health plan coverage and value-added items and services, such as special discounts.
- Activities Requiring Authorization - Sentara requires specific patient authorization for disclosure of Protected Health information in the event of 1) Disclosures that constitute a sale of PHI, 2) Disclosure of PHI for Marketing Purposes and, 3) disclosures of psychotherapy notes. You may revoke an authorization at any time.
- Organ and Tissue Donation. We may release medical information to organizations that handle organ procurement or organ, eye or tissue transplantation or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation.
- Military and Veterans. We may release medical information about members of the domestic or foreign armed forces as required by the appropriate military command authorities.
- Workers' Compensation. We may release medical information about you for workers' compensation or similar programs.
- Public Health Activities. We may disclose medical information about you for public health activities. These activities include the following:
- to prevent or control disease, injury or disability;
- to report births and deaths;
- to report child abuse or neglect;
- to report reactions to medications or problems with products;
- to notify people of recalls of products they may be using;
- to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition;
- to notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect or domestic violence where you agree or when required or authorized by law.
- Health Oversight Activities. We may disclose medical information to a health oversight agency for activities authorized by law. These oversight activities include, but are not limited to, audits, investigations, examinations, inspections, and licensure.
- Lawsuits and Disputes. If you are involved in a lawsuit or a dispute, we may disclose medical information about you in response to a court or administrative order. We may also disclose medical information about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or reasonable efforts have been made by the party seeking the information to secure a qualified protective order. We also may disclose your information to Sentara’s attorneys and, in accordance with applicable state law, to attorneys working on Sentara’s behalf.
- Law Enforcement. We may release medical information if asked to do so by a law enforcement official:
- In response to a court order, subpoena, warrant, summons or similar process;
- To identify or locate a suspect, fugitive, material witness, or missing person;
- About the victim of a crime if, under certain limited circumstances, we are unable to obtain the person's agreement;
- About a death we believe may be the result of criminal conduct;
- About criminal conduct at the location of a Sentara entity; and
- In emergency circumstances to report a crime; the location of the crime or victims; or the identity, description or location of person(s) who committed the crime.
- Coroners, Medical Examiners and Funeral Directors. We may release medical information to a coroner, medical examiner or funeral director as necessary for them to carry out their duties.
- National Security and Intelligence Activities. We may release medical information about you to authorized federal officials for intelligence, counterintelligence, or other national security activities.
- Protective Services for the President and Others. We may disclose medical information about you to authorized federal officials so they may provide protection to the President, other authorized persons, or foreign heads of state or conduct special investigations.
- Inmates. If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release medical information about you to the correctional institution or law enforcement official. This release would be necessary (1) for the institution to provide you with health care; (2) to protect your health and safety or the health and safety of others; or (3) for the safety and security of the correctional institution.
- Uses and Disclosures Regarding Food and Drug Administration (FDA)-Regulated Products and Activities. We may disclose protected health information, without your authorization, to a person subject to the jurisdiction of the FDA for public health purposes related to the quality, safety or effectiveness of FDA-regulated products or activities such as collecting or reporting adverse events, dangerous products, and defects or problems with FDA-regulated products.
- Genetic Information. Consistent with the Genetic Information Nondiscrimination Act (GINA), your health plan is prohibited from using or disclosing genetic information for underwriting purposes.
- School Immunization Admission Requirements. You do not need to provide an authorization for schools to receive immunization information.
- All Other Uses & Disclosures of PHI. Any other use and/or disclosure of your PHI not specified in this notice will require a signed authorization prior to use.
Your Rights Regarding Medical Information We Maintain About You.
You have the following rights regarding your medical information:
- Right to Inspect and Copy. You have the right to inspect and copy medical information that may be used to make decisions about your care. Usually, this includes medical and billing records, but does not include psychotherapy notes. To inspect and copy medical information that may be used to make decisions about you, you must submit your request in writing on a form provided by Sentara to the Heath Information Management (HIM) department. You have a right to obtain a paper or electronic copy. Your request should indicate in what form you want the information. You may also request where the information is to be sent. If you request a copy of the information, we may charge a fee for the costs of copying, mailing or other supplies associated with your request. We may deny your request to inspect and copy in certain very limited circumstances. If you are denied access to medical information, you may request that the denial be reviewed. Another licensed health care professional chosen by Sentara will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review.
- Right to Amend. If you feel that medical information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for a Sentara entity. To request an amendment, your request must be made in writing on a form provided by Sentara and submitted to the Heath Information Management (HIM) department. You must provide a reason that supports your request. We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that:
- Was not created by us, unless the person or entity that created the information is no longer available to make the amendment;
- Is not part of the medical information kept by or for a Sentara entity;
- Is not part of the information which you would be permitted to inspect and copy; or
- Is accurate and complete.
- Right to an Accounting of Disclosures. You have the right to request an "accounting of disclosures." This is a list of the disclosures we made of medical information about you. It does not include disclosures made for treatment, payment, health care operations, disclosures you authorize or other disclosures for which an accounting is not required under HIPAA. To request this list or accounting of disclosures, you must submit your request in writing on a form provided by Sentara to the Heath Information Management (HIM) department. Your request must state a time period which may not be longer than six years and may not include dates before April 14, 2003. Your request should indicate in what form you want the list (for example, on paper, electronically.) The first list you request within a 12 month period will be free. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.
- Right to Request Restrictions. You have the right to request a restriction or limitation on the medical information we use or disclose about you for treatment, payment or health care operations. You also have the right to request a limit on the medical information we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend. For example, you could ask that we not use or disclose information about a surgery you had. We are not required to agree to your request. If we do agree, we will comply with your request unless the information is needed to provide you emergency treatment. To request restrictions, you must make your request in writing on a form provided by Sentara to the Heath Information Management (HIM) department. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure or both; and (3) to whom you want the limits to apply, i.e. disclosures to your spouse.
- Right to Request Confidential Communications. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we contact you at work or by mail. To request confidential communications, you may make your request in writing to the Heath Information Management (HIM) department. You may also telephone the office of the Privacy Contact Person, however in order to protect your privacy we may not be able to accommodate requests made by telephone. We will not ask you the reason for your request, and will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.
- Right to a Paper Copy of This Notice. You have the right to a paper copy of this notice at anytime, even if you have previously agreed to receive this notice electronically. To obtain a paper copy of this notice, please write or call the Heath Information Management (HIM) department.
- Right to Breach Notification. In the event that unsecured protected health information is inappropriately disclosed, an investigation of the event will be conducted. If it is determined to be a breach of your information, you will receive notification of the breach by first class mail.
- Underwriting. Sentara will not use patient’s genetic information in an adverse manner for underwriting purposes.
- Rights of the Deceased. PHI of an individual that has been deceased for 50 years or more is NOT covered by HIPAA. Covered Entities are permitted to disclose a deceased person’s PHI to family members and others who were involved in the care or payment for care if not contrary to prior expressed preference.
Change to this Notice
- We reserve the right to change this notice. We reserve the right to make the revised or changed notice effective for medical information we already have about you as well as any information we receive in the future. We will post a copy of the current notice with the effective date at Sentara health care treatment facilities. We will post a current updated copy of this notice on our website, WWW.SENTARA.COM. In addition, each time you have an appointment at, register at, or are admitted to a Sentara hospital or other Sentara treatment location for treatment or health care services, we will offer you a copy of the current notice. If you are a member of a Sentara health plan, your Evidence of Coverage or Certificate of Insurance will contain the version of the notice in effect as of the printing of those documents, plus any amendment to the notice.
If you believe your privacy rights have been violated, you may file a complaint with Sentara or with the Secretary of the Department of Health and Human Services. To file a complaint with Sentara, contact the Privacy Contact Person. All complaints must be submitted in writing. You will not be penalized or retaliated against for filing a complaint.
Other Uses of Medical Information.
Other uses and disclosures of medical information not covered by this notice or the laws that apply to us will be made only with your written permission. If you provide us permission to use or disclose medical information about you, you may revoke that permission, in writing, at any time. If you revoke your permission, we will no longer use or disclose medical information about you for the reasons covered by your written authorization. You understand that we are unable to take back any disclosures we have already made with your permission, and that we are required to retain our records of the care and services that we provided to you.
If you have insurance through Optima Health Plan, Optima Health Group, or Optima Health Insurance Company, please refer to your Evidence of Coverage or Certificate of Insurance for the Notice of Insurance Information Practices and notice of Financial Information Practices required by Virginia law.
Sentara will also comply with relevant state laws that may govern the privacy of your information.
Sentara HIPAA Privacy Contact Person
PO Box 2200
Norfolk, VA 23501