NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW BAYCARE CLINIC, LLP, OR BAYCARE HEALTH SYSTEMS, LLC, (BayCare) MAY USE AND DISCLOSE YOUR HEALTHCARE INFORMATION AND HOW YOU CAN OBTAIN ACCESS TO THIS INFORMATION. IT ALSO DESCRIBES HOW BAYCARE MAINTAINS WEB SITE AND INTERNET PRIVACY. PLEASE REVIEW IT CAREFULLY.
HEALTHCARE INFORMATION PRIVACY PRACTICES
BayCare is required by law to maintain the privacy of your protected health information (“PHI”). This information consists of all records related to your health, including demographic information, either created by BayCare, or received by BayCare, from other healthcare providers.
We are required to provide you with Notice of our legal duties and Privacy Practices with respect to your PHI. These legal duties and privacy practices are described in the Notice. BayCare will abide by the terms of this Notice, or the Notice currently in effect at the time of the use, or disclosure of your PHI.
BayCare reserves the right to change the terms of this Notice, and to make any new provisions effective for all PHI that we maintain. Patients will be provided a printed copy of any revised Notices upon request. An individual may obtain a copy of the current Notice from our office at any time.
Uses and Disclosures of Your PHI Not Requiring Your Consent
BayCare may use and disclose your PHI, without your written consent or authorization, for certain treatment, payment and healthcare operations. This includes PHI accessed or received from Aurora Health Care, Aurora BayCare Medical Center, any Aurora affiliate and any other physician group or healthcare facility using the electronic medical record system provided by Aurora Health Care. There are certain restrictions on uses and disclosures of treatment records, including registration information as well as all other records concerning individuals who are receiving, or who at any time have received services for mental illness, developmental disabilities, alcoholism, or drug dependence. There are also restrictions on disclosing HIV test results without patient consent.
Treatment may include for example:
• Providing, coordinating, or managing healthcare and related services by one or more healthcare providers
• Consultations between healthcare providers concerning a patient
• Referrals to other providers for treatment
• Referrals to nursing homes, foster care homes, or home health agencies
For example, your BayCare provider may determine that you require the services of another provider. When referring you to another provider, BayCare may share or transfer your healthcare information to that provider.
Payment activities may include for example:
• Activities undertaken by BayCare to obtain reimbursement for services provided to you
• Determining your eligibility for benefits or health insurance coverage
• Managing claims and contacting your insurance company regarding payment
• Collection activities to obtain payment for services provided to you
• Reviewing healthcare services and discussing with your insurance company the medical necessity of certain services or procedures, coverage under your health plan, appropriateness of care, or justification of charges
• Obtaining pre-certification and pre-authorization of services.
For example, BayCare will submit claims to your insurance company on your behalf. This claim identifies you, your diagnosis, and the services provided to you.
Healthcare operations may include for example:
• Contacting healthcare providers and patients with information about treatment alternatives
• Conducting quality assessment and improvement activities
• Conducting outcomes evaluations and development of clinical guidelines
• Protocol development, case management, or care coordination
• Conducting or arranging for medical review, legal services, and auditing functions.
For example, BayCare may use your diagnosis, treatment, and outcome information to measure the quality of the services we provide, or to assess the effectiveness of your treatment when compared to patients in similar situations.
Health Information Exchange – We may make your medical information available electronically through an information exchange service to other health care providers, health plans and health care clearinghouses that request your information. Participation in information exchange services also lets us see their information about you.
By law, we may not disclose your PHI to family members or friends who may be involved with your treatment or care without your written permission. Health information may be released without written permission to a parent, guardian, or legal custodian of a child, the guardian of an incompetent adult, the healthcare agent designated in an incapacitated patient’s healthcare power of attorney; or the personal representative or spouse of a deceased patient.
There are additional situations when BayCare is permitted or required to use or disclose your PHI without your consent or authorization. Examples include the following:
As permitted or required by law.
In certain circumstances we may be required to report individual health information to legal authorities, such as law enforcement officials, court officials, or government agencies. For example, we may have to report abuse, neglect, domestic violence or certain physical injuries. We are required to report gunshot wounds or any other wound to law enforcement officials if there is reasonable cause to believe that the wound occurred as a result of a crime. Mental health records may be disclosed to law enforcement authorities for the purpose of reporting an apparent crime on our premises.
For public health activities.
We may release healthcare records, with the exception of treatment records; to certain government agencies or public health authority authorized by law, upon receipt of written request from that agency. We are required to report positive HIV test results to the state epidemiologist. We may also disclose HIV test results to other providers or persons when there has been or will be risk of exposure. We may report to the state epidemiologist the name of any person known to have been significantly exposed to a patient who tests positive for HIV.
We are required by law to report suspected child abuse and neglect and suspected abuse of an unborn child, but cannot disclose HIV test results in connection with the reporting or prosecution of alleged abuse or neglect. We may release healthcare records, including treatment records and HIV test results, to the Food and Drug Administration when required by federal law. We may disclose healthcare records, except for HIV test results, for the purpose of reporting elder abuse or neglect, provided the subject of the abuse or neglect agrees, or if necessary to prevent serious harm. Records may be released for the reporting of domestic violence if necessary to protect the patient or community from imminent and substantial danger.
For health oversight activities
We may disclose healthcare records, including treatment records, in response to a written request by any federal or state governmental agency to perform legally authorized functions, such as management audits, financial audits, program monitoring and evaluation, and facility or individual licensure or certification. HIV test results may not be released to federal or state governmental agencies, without written permission, except to the state epidemiologist for surveillance, investigation, or to control communicable diseases.
Judicial and Administrative Proceedings
Patient healthcare records, including treatment records and HIV test results, may be disclosed pursuant to a lawful court order. A subpoena signed by a judge is sufficient to permit disclosure of all healthcare records except for HIV test results.
For activities related to death
We may disclose patient healthcare records, except treatment records, to a coroner or medical examiner for the purpose of completing a medical certificate or investigating a death. HIV test results may be disclosed under certain circumstances.
Under certain circumstances, and only after a special approval process, we may use and disclose your health information to help conduct research.
To avoid a serious threat to health or safety
We may report a patient’s name and other relevant data to the Department of Transportation if it is believed the patient’s vision or physical or mental condition affects the patient’s ability to exercise reasonable or ordinary control over a motor vehicle. Healthcare information, including treatment records and HIV test results, may be disclosed where disclosure is necessary to protect the patient or community from imminent and substantial danger.
For workers’ compensation
We may disclose your health information to the extent such records are reasonably related to any injury for which workers compensation is claimed.
BayCare will not make any other use or disclosure of your PHI without your written authorization. You may revoke such authorization at any time, except to the extent that BayCare has taken action in reliance thereon. Any revocation must be in writing.
Your Rights Regarding Your PHI- You have the right to:
See or copy your health information
You have the right to see or to request a copy of your health information. You have a right to request that copy be provided in electronic form or format, and we can assist you in acquiring this. Your request must be in writing and we may charge you a reasonable fee for costs associated with your request. We are not required to allow you to see or copy psychotherapy notes, or information prepared for (or in anticipation for use) in a civil, criminal, or administrative action or proceeding. Requests and questions should be directed to the facility where you received treatment.
Correct information you believe to be Incorrect or Incomplete
If you believe that your medical information is inaccurate, you may submit a request to us asking that your information be corrected, as long as such information is maintained by us. Your request must be in writing and must include the reason(s) why you believe a change should be made. We are not required to approve your request, and will notify you of our decision and reasoning behind such decision within thirty (30) days of submission.
Request a listing of who was given your information and why
You may request to receive an accounting of the disclosures of your PHI made by BayCare for the six years prior to the date of the request. We are not required, however, to record disclosures we make pursuant to a signed consent or authorization. We will provide you with a list that includes the date we released medical information, the name of the entity it was released to and a brief description of what information was released and the reason for the disclosure. Requests and questions should be directed to the location where you received treatment.
Request a restriction on how we use or share your information
You are permitted to request that restrictions be placed on certain uses or disclosures of your PHI by BayCare to carry out treatment, payment, or healthcare operations. You must request such a restriction in writing. We are not required to agree to your request, unless the services provided have been paid in full as a cash payment and your request is that we do not disclose to a health plan medical information related solely to those services. In other circumstances, if we do agree to such restriction request, we must adhere to the restriction, except when your PHI is needed in an emergency treatment situation. In this event, information may be disclosed only to healthcare providers treating you. Also, a restriction would not apply when we are required by law to disclose certain healthcare information.
Request alternate form of communication
You may request that BayCare send PHI, including billing information, to you by alternative means or to alternative locations. For example, you may request that BayCare not send information to a particular address or location or contact you at a specific location, such as your place of employment. This request must be submitted in writing. We will do our best to accommodate reasonable requests by you.
Notification of a Breach
Your provider is required by law to maintain the privacy of your information. BayCare will, in accordance with law, provide you with a notice of its legal duties and privacy practices with respect to your information and notify you following any breach.
Any person or patient may file a complaint with BayCare and/or the Secretary of Health and Human Services if they believe their privacy rights have been violated. To file a complaint with BayCare please contact the Privacy Official at the following:
BayCare Health Systems, LLC BayCare Clinic, LLP
164 N. Broadway Green Bay, WI 54303
It is the policy of BayCare that no retaliatory action will be made against any individual who submits or conveys a complaint of suspected or actual non-compliance or violation of the privacy standards.
TELEPHONE, WEB SITE AND INTERNET PRIVACY PRACTICES
BayCare respects your privacy interests and operates its Internet sites by these principles. We have taken reasonable steps to protect the integrity and confidentiality of personally identifiable information you may provide.
Contact via Cellular Phone, Text Message and Landline
BayCare uses automated appointment reminders to contact patients to remind them about upcoming appointments, and a text messaging service to conduct confidential surveys about how we are doing in meeting your needs as a patient. BayCare will use the number you provide for these purposes, and providing this number to BayCare is understood by you and BayCare to indicate your consent for BayCare to use the number for this purpose.
Voluntary Submission of Information
You may use the BayCare Web site without disclosing personally identifiable information, and we will not obtain such information about you unless you choose to submit it to us. Any information you submit will be used internally only; however, submission of information authorizes such internal use by us and our employees. In particular, please note that submission of an e-mail authorizes us to contact you via e-mail. Please note that email is not a secure mode of transmission of PHI unless both parties are using a common encryption technology. Therefore, we may reply with a minimum amount of information and ask for further communication by telephone, fax or in-person conversation.
Please note that we use “cookies,” which are small files stored on your computer’s hard drive that are used to track
certain information. These cookies enable us to track and target the interests of our users to enhance their experience on our site. For example, cookies usually allow your browser to remember which pages you have visited and help us to know how much traffic our pages receive. This process does not reveal any personal information about the person viewing the page (such as a username or password) unless the person has previously given such information. If you find cookies objectionable, please consult your browser’s documentation for information on how to block or erase cookies.
In addition, our Web server collects and saves the default information customarily logged by World Wide Web server software. Our logs contain the following information for each request: date, time, originating IP address and domain name, object requested, and completion status of the request. We use these logs to help improve our service by evaluating the level of demand for our site and detecting any errors on the site that might occur. These logs may be kept for an indefinite length of time and used at any time and in any way necessary to prevent security breaches and protect the integrity of the data on our servers.
Use of Collected Information
Any information we gather, whether submitted voluntarily or collected automatically, will be used for our internal purposes only. It is our policy not to disclose or to sell any information to third parties. Notwithstanding this policy, we retain the right to disclose collected information if required to do so by law or if acting on a good faith belief that such disclosure is necessary to protect our rights or property or to respond to an emergency situation.
Review, Update, and Deletion of Collected Information
If you are concerned about the information you have provided to us or would like to review, update, or delete this information, please e-mail us at firstname.lastname@example.org. We will make reasonable efforts to comply with your requests.
BayCare’s website takes reasonable precautions to protect our users’ information; including adequate encryption where deemed reasonable and appropriate. Please note that electronic transmissions via the Internet are not necessarily secure from interception, and we do not guarantee the security or confidentiality of transmissions. We reserve the right to update or otherwise alter our security practices if and when appropriate to do so. You should review our security provisions each time you visit our site to identify and understand any changes made since your previous visit.
Notification of Changes
If we decide to change our approach to website and Internet privacy, we will post those changes to this policy so that users are always aware of what information we collect, how we use it, and under what circumstances we disclose it. Changes to this policy will be dated, and will be effective from the date specified forward. You should check our Privacy Practices each time you visit our site to identify and understand any changes made since your previous visit.
At certain pages on our website we may post images of human beings or other images that may allow identification of a specific person. In all such cases, we have permission from the individual pictured, or from his or her parent or guardian. We do not post such images without such consent.
This Notice is prepared in accordance with the Health Insurance Portability and Accountability Act, 45 C.F.R. 164.520,
and applicable Wisconsin healthcare privacy laws.
BayCare Clinic, LLP/BayCare Health Systems, LLC Notice of Privacy Practices Rev. Date 1-28-2016