Notice of Privacy Practices for Patients of Jennie Stuart Health
Effective Date: August 2013
Please review this document carefully as it
describes how medical information about you may be used and disclosed. It also
describes how you can obtain access to your medical information.
Jennie Stuart Health ("Hospital"),
its medical staff, and its other healthcare providers are part of a team whose
goal is to provide quality care to our patients. Sharing information among the
physicians and other healthcare providers and appropriate staff members makes
it possible to provide the best care possible. All of the staff members working
in the hospital setting have agreed to abide by this Notice of Privacy
Practices (NPP) while working in the Hospital’s facilities.
The Hospital creates a record of
the care and services you receive in the Hospital and in other Hospital
facilities. Your medical records and billing information are created and
retained on a computer system that includes Electronic Health Records. That
system is accessible to Hospital personnel and members of the medical staff,
and these persons are able to access and use your Protected Health Information
to carry out treatment, payment, or Hospital operations. The Hospital uses certain
safeguards, such as personnel training, written policies, password protection,
and document encryption, to prevent improper access or useof information maintained on our computer system.
We are required by law to
protect your privacy and the confidentiality of your Protected Health
Information, to provide you with notice of our legal duties and privacy practices,
and to notify you in the event of any breach of unsecured protected health
information about you. This NPP describes your rights and our legal duties
regarding your Protected Health Information.
- Protected Health Information or PHI is your personal and protected
health information that we use to provide your treatment, to bill for the
services we provide, and to carry out administrative duties of the Hospital.
- Privacy Officer is
the individual at the Hospital who is responsible for developing and
implementing all Hospital policies and procedures relating to your PHI and for
receiving and investigating any concerns or complaints you may have about the
use or disclosure of your PHI. While you are in the Hospital, you may contact
the Privacy Officer by dialing the Hospital Operator, or asking a Hospital
staff member to contact the Privacy Officer for you. Outside of the hospital,
you may contact the Privacy Officer by calling the hospital’s main number and
asking the Operator to connect you. Your treatment will not be negatively
affected, and you will not be retaliated against for expressing a concern or
making a complaint to the Privacy Officer.
- Business Associate is an
individual or business independent of the Hospital that works for the Hospital
to help provide the Hospital or you with services. For example, if the Hospital used an outside
company to file patients’ insurance claims, that company would be a Business
Associate. Business Associates who have access to your PHI have a legal obligation
to protect it from improper use or disclosure.
- Authorization. We
will obtain your permission to use or disclose your protected health
information for purposes other than for your treatment, to obtain payment of
your bills and for health care operations of this hospital.
- Disclosure means
releasing or giving your PHI to another party.
- Health Information Network. The Hospital may participate in a digital health
information exchange with other healthcare providers and health plans, in which
your patient data would be sent to a secure electronic network and would be
accessible to other network members who were also treating you, those who pay
for your care, and for operational purposes. Any such network would be
committed to protecting the privacy of your information.
Uses of your Protected Health Information that do not Require your Authorization
Jennie Stuart Health may
use and disclose your PHI, without
your authorization, for the following treatment, payment, and healthcare
- Treatment. The Hospital may use your PHI to
provide you with medical treatment or services. We may disclose your PHI to
doctors, nurses, technicians, medical students, or other hospital personnel who
are involved in taking care of you at the Hospital. For example, a doctor
treating you for a broken leg may need to know if you have diabetes because
diabetes may slow the healing process. In addition, the doctor may need to tell
the dietitian if you have diabetes so that we can arrange for appropriate
meals. Different departments of the Hospital also may share your PHI in order
to coordinate the different services you need, such as prescriptions, lab work,
and x-rays. We also may disclose your PHI to individuals outside of the
Hospital who will be providing your follow-up care. For example, we may
disclose PHI about your treatment at the Hospital to your primary care doctor
so he or she may provide for your care.
- Payment. We
may use and disclose your protected health information when billing your
insurance company in order to receive payment for the treatment and services
you received at the hospital. We may also give your protected health
information to your insurance company in order to obtain a pre-certification
for future treatment. We may also provide your physicians or their billing
agents with information so they can send bills to your insurance company or to
- Healthcare Operations. We
may use and disclose your PHI for the Hospital’s healthcare operations. These
uses and disclosures are necessary to run the Hospital and make sure that all
of our patients receive quality care. For example, we may use PHI about your
high blood pressure to review our treatment and services and to evaluate the
performance of our staff in caring for you. We may also combine the PHI of many
Hospital patients to decide what additional services the Hospital should offer,
what services are not needed, and whether certain new treatments are effective.
We may also combine the PHI of our patients with the PHI of patients from other
hospitals to compare our services with those at other facilities and to see
what improvements we can make in the services we offer. For example, we may
combine the PHI of the Hospital patients who have high blood pressure to
compare it with the PHI of other hospitals’ patients with high blood pressure,
so that we can make improvements in the care and services that the Hospital provides
to these patients.
- Business Associates.We
may disclose your protected health information to Business Associates
independent of the Hospital with whom we contract to provide services on our
behalf. However, we will only make these
disclosures if we have received satisfactory assurance that the Business
Associate and any subcontractors will properly safeguard your privacy and the
confidentiality of your protected health information. For
example, we may contract with a company outside of the Hospital to provide accounting
or billing services for the Hospital.
Uses of your Protected Health Information that Require Authorization or an Opportunity to Object
Stuart Health may use and disclose your PHI, with your authorization or subject to your right to object, for the
may use and disclose your PHI to contact you with a reminder that you have an
appointment for treatment or medical care at the Hospital. This may be done
through an automated system or by one of our staff members. If you are not at
home, we may leave this information on your answering machine or in a message
left with the person answering the telephone. You have the right to stop
appointment reminders by notifying us of your decision in writing.
- Health Related Benefits and Services. We
may use and disclose your PHI to tell you about health-related benefits or
services or to recommend possible treatment options or alternatives that may be
of interest to you. You may notify us in writing if you wish to restrict the
manner in which we tell you about such benefits or services, for example, if
you do not want to be contacted at home, or if you prefer to be contacted by
- Hospital Directory. We may include limited
information about you in the Hospital directory while you are a patient in the
Hospital. This information may include your name, location in the Hospital,
your general condition (e.g., good,
fair, serious, or critical) and your religious affiliation. Except for your
religious affiliation, this information may be disclosed to individuals who ask
for you by name. Your religious affiliation may be disclosed to a member of the
clergy, such as a priest or rabbi, even if they don’t ask for you by name. This
is so your family, friends, and clergy can visit you in the Hospital and
generally know how you are doing. You may ask not to be included in the Hospital
directory by notifying admitting personnel or contacting the Privacy Officer.
- Individuals Involved in Your Care or
Payment for Your Care. We
may disclose to a family member, close friend, or other individual you
identify, the PHI that is directly relevant to that person’s involvement in
your healthcare and/or payment for your healthcare. For example, we may go over
your discharge instructions with the person who will be caring for you when you
leave the Hospital. We may also disclose protected health information
about you to an entity assisting in a disaster relief effort so that your
family can be notified about your condition, status and location.
- Disclosure after Death.We may disclose relevant PHI to
persons who were involved in your care or payment for your care, following your
death. If you know you do not want that information shared in the future, you
may object to these disclosures by notifying the Privacy Officer.
- Research. Under
certain circumstances, the Hospital may use and disclose your PHI for research
purposes. For example, a research project may involve comparing the health of
patients who received one medication to those who received another for the same
condition. All research projects, however, are subject to a special approval
process. This process evaluates a proposed research project and its use of PHI,
trying to balance the needs of research with patients’ need for privacy of
their PHI. Before we use or disclose medical information for research, the
project will have been approved through this approval process. We may, however,
disclose PHI about you to people preparing to conduct a research project, to
help them look for patients with specific medical needs or conditions, so long
as the PHI they review does not leave the hospital. We will almost always ask
for your specific permission if the researcher will have access to your name,
address, or other information that reveals who you are, or will be involved in
your care at the Hospital.
- As Required by Law. We will disclose PHI about you
when required to do so by federal, state, or local law. For example, Kentucky
law requires us to report any births or deaths that occur in the hospital to
the Kentucky Department of Public Health.
- To Avert a Serious Threat to Health or
Safety. The Hospital and its professional staff may use and
disclose your PHI when necessary to prevent a serious threat to your health and
safety or the health and safety of the public or another person. Any
disclosure, however, would only be to someone able to help prevent the threat.
Any disclosure will be made only to someone who is likely to be able to prevent
or reduce the threat.
- Organ and Tissue Donations. If you are an organ donor, we
may release your PHI to organizations that handle organ donations or organ, eye
or tissue transplantation or to an organ donation bank, as necessary to
facilitate organ or tissue donation and transplantation.
- Military. If
you are a member of the armed forces, the Hospital and its professional staff
may release your PHI as required by military command authorities. We may also
release PHI about foreign military personnel to the appropriate foreign
- Workers Compensation. We may release PHI about you
for workers’ compensation or similar programs as authorized by state laws.
These programs provide benefits for work-related injuries or illness.
- Public Health Risks. We may disclose PHI about you
for public health activities, to, for example:
Health Oversight Activities. The
Hospital and its professional staff may disclose PHI to a health oversight
agency for activities necessary for the government to monitor the healthcare
system, government programs, and compliance with applicable laws. These
oversight activities include, for example, audits, investigations, inspections,
medical device reporting, and licensure.
Lawsuits and Disputes. If
you are involved in a lawsuit or a dispute, we may disclose PHI about you in
response to a court or administrative order. We may also disclose PHI about you
in response to a court order, discovery request, or other lawful process by
someone else involved in the dispute, but only if efforts have been made to
tell you or your representative about the request or to obtain an order
protecting the information requested.
Law Enforcement. We
may release your PHI if asked
or control disease, injury or disability;
births and deaths;
child abuse or neglect;
reactions to medications or problems with products;
people of recalls of products they may be using;
the Kentucky Department of Public Health that a person may have been exposed to
a disease or may be at risk for contracting or spreading a disease or
the appropriate government authority if we believe a patient has been the
victim of abuse, neglect or domestic violence, if you agree or when required by
Your Rights Regarding Your Protected Health Information
You have the following rights regarding the PHI we maintain about you:
- Right to Inspect and Copy. You have the right to inspect and request a copy of your PHI maintained in the "designated record set," except as prohibited by law. The "designated record set" is the PHI in your medical and billing records used to make decisions about your care and payment for your care, as determined by the Hospital. You also have the right to authorize third parties (such as a family member) to obtain your PHI.
To inspect and/or request a copy of your PHI in the designated record set, you must submit your request in writing on an approved Authorization form. You may obtain an Authorization form by contacting the Privacy Officer. If you request a copy of your PHI, we may charge a reasonable fee to offset the costs associated with your request. You will be advised of any applicable fees at the time you make your request.
We may deny your request to inspect and copy in certain circumstances. If you are denied access to certain PHI, you may request that the denial be reviewed. Another licensed health care professional chosen by the Hospital will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review.
- Right to Amend. If you believe that PHI we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for the Hospital. To request an amendment, your request must be made in a writing that states the reason for the request.
We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that:
Right to an Accounting of Disclosures. You have the right to request one free accounting every 12 months of certain disclosures we have made of your PHI. This accounting does not include disclosures made:
- was not created by the Hospital or its professional staff, unless the person or entity that created the information is no longer available to make the amendment;
- is not part of the PHI kept by or for the Hospital;
- is not part of the information which you would be permitted to inspect and copy; or
- is accurate and complete.
- To carry out treatment, payment, or healthcare operations;
- To you, of your own PHI;
- Incident to a use or disclosure permitted by law;
- Pursuant to your signed Authorization;
- For national security or intelligence purposes;
- To correctional institutions or law enforcement officials;
- For your inclusion in the Hospital directory;h. As part of a limited data set not including your individually identifiable information; or
That occurred more than 6 years prior to your request. To request an accounting, you must submit your request to the Privacy Officer in writing. Your request must state the period of time for which you want an accounting. This period may not be longer than 6 years, and may not include dates that are more than 6 years earlier than your request. Your request should indicate in what form you want the accounting (for example, on paper or electronically). For additional accountings (i.e., more than one every 12 months), we may charge you for the costs of providing the accounting. We will notify you of the cost involved when you make your request and you may choose to withdraw or modify your request at that time, before any costs are incurred.
Right to Request Restrictions. You have the right to request a restriction or limitation on the PHI we use or disclose about you for treatment, payment or health care operations. You also have the right to request a limit on the PHI we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend. For example, you could ask that we not use or disclose information about a surgery you had. You also have a right to request that we restrict disclosures to a health plan or insurance company if the disclosure is for the purpose of carrying out payment or health care operations and is not otherwise required by law, and the PHI pertains solely to a health care item or service for which you (or a person other than the health plan or someone else on your behalf) have paid the Hospital in full.
In certain circumstances, we are not required to agree to your request. If we do agree, we will comply with your request unless the information is needed to provide you emergency treatment.
To request restrictions, you must make your request in writing. We will assist you or provide you with a form for this purpose upon request. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure or both; and (3) to whom you want the limits to apply.
Right to Request Confidential Communications. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail.
To request confidential communications, you must make your request in writing. We will not ask you the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted. (For example, if request that we only contact you at work, you must provide us with your work contact information.)
Right to a Paper Copy of This NPP. You have the right to a paper copy of this NPP. You may ask us to give you a copy of this NPP at any time. Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice.
To obtain a paper copy of this notice, contact:
Jennie Stuart Medical Center
PO Box 2400
Hopkinsville, KY 42240
(270) 887-0100 ext. 6834
You may download a copy of this NPP to the right above.
Changes to this Notice
We reserve the right to change this privacy notice. We reserve the right to make the revised or changed
notice effective for PHI we already have about you as well as any PHI we
receive in the future. We will post a
copy of the current NPP in the hospital and on our website. The effective date of the NPP will be on the
first page, near the top. In addition,
each time you register at the Hospital for treatment or health care services we
will make available to you a copy of the current NPP.
Authorization for Other Uses of Protected Health Information
Other uses and disclosures of
PHI that are not covered by this notice or the laws that apply to us will be
made only with your written Authorization.
If you provide us Authorization to use or disclose PHI about you, you
may revoke that Authorization, in writing, at any time. If you revoke your Authorization, we will no
longer use or disclose PHI about you for the reasons covered by your written
Authorization. You understand that we
are unable to take back any disclosures we have already made with your Authorization,
and that we are required to retain our records of the care that we provided to
If you believe your privacy
rights have been violated, you may file a written complaint with the Hospital
Privacy Officer or with the Office for Civil Rights at the U.S. Department of
Health and Human Services.
To file a written complaint with
the Hospital, write:
Jennie Stuart Medical Center
PO Box 2400
Hopkinsville, KY 42240
(270) 887-0100 ext. 6834
To file a complaint with the
Office for Civil Rights, contact:
Office for Civil Rights
U.S. Department of Health and
Office for Civil Rights, DHHS
Sam Nunn Atlanta Federal Center,
Forsyth Street, S.W.
Atlanta, GA 30303-8909
will not be penalized or retaliated against for filing a complaint.