SPEARE MEMORIAL HOSPITAL

“THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.”

UNDERSTANDING YOUR PROTECTED HEALTH INFORMATION (PHI)
Speare Memorial Hospital (including affiliated practices.)

Who must follow this Notice:

  • All members of our workforce, including doctors, nurses, other healthcare providers, other employees, staff, and volunteers.
  • All members of our Medical Staff

This Notice is being given to you because federal law gives you the right to be told ahead of time about the following:

How Speare Memorial Hospital will handle your health information;
Their legal duties related to your health information; and;
Your rights with regard to your health information.

Patient-specific information is confidential and shall be made available only in conformity with all applicable state and federal laws and regulations regarding the confidentiality of patient records, including but not limited to 42 CFR Part 2 and 45 CFR Parts 160 and 164 (HIPAA Privacy and Security Rules) where applicable. A record of your visit is made each time you visit your doctor, hospital, or other healthcare provider. This record usually contains your symptoms, examination or test results, diagnosis, treatment, and a plan for any future care or treatment you may need, and often it also includes payment information. This is called your health or medical record.

Although your medical record is the physical property of the healthcare provider or facility that compiled it, the information it contains belongs to you. For the purpose of this document, Speare will refer to that information as “Protected Health Information” or “PHI.”
Speare will not condition your treatment or payment on your signing this document.

I. YOUR HEALTH INFORMATION RIGHTS
You have the right to:

  • Obtain a paper copy of this Notice, or upon your request, any future revisions of this Notice;
  • Request a restriction on certain uses and disclosures of your PHI (though Speare is not required to agree to any such request;
  • Review and get a paper or electronic copy of your PHI. If you request a copy of the information, you may be charged a fee for the costs of copying, mailing, or other supplies used to fulfill your request. If you would like an electronic copy of your health information, it will be provided as a copy in electronic form and format as requested as long as it can be readily produced in the requested form. Otherwise, a readable electronic form and format will be provided as agreed;
  • Request that your provider correct or update your PHI if you believe there is a mistake in your record or an important piece of information is missing.
  • Obtain a list of disclosures of your PHI made during the six years prior to the date on which the accounting is requested for purposes other than treatment, payment, or healthcare operations;
  • Receive confidential communications of PHI, choose how PHI is sent to you if you prefer an alternate form of communication to traditional mail, and choose if you wish to have your PHI sent to a different address;
  • Withdraw your authorization to use or disclose your PHI except to the extent that action has already been taken;
  • Receive notification if there is a probable compromise to your unsecured PHI within sixty (60) days of the discovery of the breach. The Notice will include a description of what happened, including the date, the type of information involved in the breach, steps you should take to protect yourself from potential harm, a brief description of the investigation into the breach, mitigation of harm to you, protection against further breaches, and contact procedures to answer your questions;
  • All requests for the release of PHI must be made in writing and signed by the patient or responsible party. Requests may be made through Health Information Management Services at the hospital, clinic, or physician practice where you were seen and treated.

II. OUR RESPONSIBILITIES REGARDING YOUR PHI
Speare Memorial Hospital is required to:

  • Maintain the privacy of your PHI;
  • Provide you with a notice as to our legal duties and privacy practices with respect to information collected and maintained about you, and abide by the terms of this Notice;
  • In the event that your request to review and get a paper or electronic copy of your PHI is denied, you will be informed in writing and explain whether you can appeal your denial and, if so, how that process works;
  • Notify you in writing if your request is denied to change your PHI, which a provider may do if they find that your medical record is accurate and complete; we did not create it; your requested change is to information to which your provider is not required to provide access; or if your requested change is to information that is not part of our records;
  • Notify you if the requested restriction is denied;
  • Accommodate reasonable requests you may have to communicate health information by alternative means or at alternate locations;
  • We reserve the right to change our privacy practices and to make those changes effective for all protected health information collected prior to the date of the change. Should our information practices change, we will make available to you, at your request, a revised paper copy of our Notice of Privacy Practices. Our current Notice of Privacy Practices will always be posted on our website at www.spearehospital.com.

III. HOW WE MAY USE, SHARE AND DISCLOSE YOUR PROTECTED HEALTH INFORMATION:

There are many ways in which hospitals and providers use and disclose a patient’s PHI. For some of these uses, your provider is required to get your written consent; for others, they are not. Below please find a list of how we may use and disclose your PHI:

A. Uses and Disclosures Relating to Treatment, Payment, or Health Care Operations: Your PHI may be used and disclosed without your prior consent for the following reasons:

  1. For treatment. As your provider, we may use your PHI to provide you with healthcare treatment and services. For example, information collected by a nurse, physician, or other healthcare team member will be recorded in your record and used to determine the course of treatment that should work best for you. Your physician will note in your record their expectations of the members of your healthcare team. Members of your healthcare team will then record the actions they took and their observations. That way, your physician will know how you respond to treatment.
  2. For payment. As your provider, we may use or disclose your PHI so that we may bill and receive payment from you, an insurance company, or another third party for the healthcare services you receive from us. For example, a bill may be sent to you or your insurance company. The information sent with the bill may include information that identifies you and your diagnosis, procedures, and supplies used.
  3. For healthcare operations. As your provider, we may use or disclose your health information in order to perform the necessary administrative, educational, quality assurance, and business functions of our facilities. For example, members of the medical staff, the risk management director, or members of the quality improvement team may use information in your health record to assess the care and outcomes in your case and others like it. This information will then be used in an effort to improve the quality and effectiveness of the healthcare and services we provide. We may also provide your PHI to our accountants, attorneys, consultants, business associates, and others in order to make sure we are complying with the laws and business practices that affect us and to conduct hospital business. We will make every effort to protect the privacy of your PHI.

 

B. Uses and disclosures for Patient Directories and to Persons Assisting in Your Care: Generally, as your provider, we will get your verbal consent before using or disclosing PHI in the following ways. However, in certain situations, such as an emergency, as your provider, we may use and disclose your PHI for these purposes without your consent.

  1. Patient directories. As your provider, we may include your name, location, general condition, and religious affiliation in a patient directory. Clergy members who ask for you by name may be given this information. Visitors who ask for you by name may be given your location and general condition. Members of the media who ask for you by name may receive confirmation that you are a patient and be provided with your general condition.
  2. Disclosures to family, friends, or others. As your provider, we may provide your PHI, including your condition and status, to a family member, friend, or other person that you indicate is involved in your care or the payment of your healthcare, including following your death. In addition, as your provider, we may disclose your health information to an entity assisting in a disaster relief effort so that a family member or other person responsible for your care can be notified about your condition, status, and location.

C. Other uses and disclosures that do not require your authorization. We may use and disclose your PHI without your consent or authorization for the following reasons:

  1. Appointment Reminders: As your provider, we may use and disclose PHI to contact you as a reminder that you have an appointment for tests or treatment or a prescription refill;
  2. Treatment Alternatives: As your provider, we may use and disclose PHI to tell you about or recommend possible treatment options or alternatives that may be of interest to you;
  3. Health-Related Benefits and Services: As your provider, we may use and disclose PHI to tell you about health-related benefits or services that may be of interest to you.
  4. Research: As your provider, we may use and disclose information to researchers when their research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your health information;
  5. To Avert a Serious Threat to Health or Safety: As your provider, we may use and disclose PHI when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person. Any such disclosure, however, would be to someone able to help prevent further threats;
  6. Organ and Tissue Donation: If you are an organ donor, we may release PHI about you to organizations that handle organ procurement or organ, eye, or tissue transplantation or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation;
  7. Military and Veterans: If you are a member of the armed forces, as your provider, we may release PHI about you as required by military command authorities;
  8. Workers Compensation: As your provider, we may release your PHI for workers’ compensation or similar programs. These programs provide benefits for work-related injuries or illnesses. The exception to this occurs when the information is particularly sensitive (such as drug and alcohol testing results and AIDS results): in those cases, a written release is required.
  9. Public Health Risks: As your provider, we may disclose PHI about you for public health activities. These activities generally include the following:
    1. Preventing or controlling disease, injury, or disability;
    2. Reporting births and deaths;
    3. Reporting child abuse or neglect;
    4. Reporting reactions to medications or problems with products;
    5. Notifying people of recalls of products they may be using;
    6. Notifying a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition.
  10. Victims of Abuse, Neglect, or Domestic Violence: As your provider, we may notify the appropriate agencies if we believe a patient has been the victim of abuse, neglect, or domestic violence. We will only make such disclosures if you agree or when required or authorized by law;
  11. Health Oversight Activities: As your provider, we may disclose your PHI to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, and licensure;
  12. As Required by Law: As your provider, we will disclose your PHI when required to do so by federal, state, or local law. We may also disclose PHI about you in response to a court or administrative order, in response to a subpoena discovery request, or other lawful process;
  13. Law Enforcement: As your provider, we may release your PHI for law enforcement purposes as required by law or in response to a valid legal process. We are also required to report to law enforcement all information regarding the treatment of injuries believed to be caused by a criminal act. The exception to this is in the case of sexual assault victims over the age of 18 unless that patient is also being treated for a life-threatening injury;
  14. Coroners, Medical Examiners, and Funeral Directors: As your provider, we may release PHI to a coroner or medical examiner. We may also release PHI to funeral directors as necessary to carry out their duties;
  15. National Security and Intelligence Activities: As your provider, we may release your PHI to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law;
  16. Protective Services for the President and Others: As your provider, we may disclose your PHI to authorized federal officials so they may provide protection to the President, other authorized persons, or foreign heads of state or conduct special investigations;
  17. Inmates: If you are an inmate of a correctional institution or under the custody of a law enforcement official, as your provider, we may disclose to the institution and its agents health information necessary for your health and the safety of other individuals;
  18. Business Associates: As your provider, we may disclose your health information to contractors, agents, and other “business associates” who need the information in order to assist us with obtaining payment or carrying out our business operations. For example, we may share your PHI with a billing company that helps us obtain payment from your insurance company, or we may share your PHI with an accounting firm or law firm that provides professional advice to us. If your PHI is disclosed to a business associate, we will have a written contract to ensure that our business associate also protects the privacy of your health information. If our business associate discloses your PHI to a subcontractor or vendor, the business associate will have a written contract to ensure that the subcontractor or vendor also protects the privacy of the information;
  19. Proof of Immunization: As your provider, we may disclose proof of a child’s immunizations to a school about a child who is a student or prospective student of the school, as required by state or other law, if a parent, guardian, other person acting in loco parentis, or an emancipated minor, authorizes us to do so, but we do not need written authorization;
  20. Completely De-identified or Partially De-identified Information: As your provider, we may use and disclose your health information if we have removed any information that has the potential to identify you. De-identified information will not contain any information that would directly identify you (such as your name, street address, social security number, phone number, fax number, electronic mail address, website address, or license number);
  21. Incidental Disclosures: While we will take reasonable steps to safeguard the privacy of your health information, certain disclosures of your PHI may occur during or as an avoidable result of our otherwise permissible uses or disclosures of your health information. For example, during the course of a treatment session, other patients in the treatment area may see or overhear a discussion of your health information;
  22. Fundraising: As your provider, we may use or disclose your demographic information, including name, address, other contact information, age, gender, date of birth, dates of health services information, department of service information, treating physician outcome information, and health insurance status for fundraising purposes. With each fundraising communication made to you, you will have the opportunity to opt out of receiving any further fundraising communications. We will also provide you with an opportunity to opt back in to receive such communications if you should choose to do so.

D. All other Uses and Disclosures: Generally, we will obtain your written authorization before using your PHI or sharing it with others outside of our organization. There are certain situations where we must obtain your written authorization before using your PHI or sharing it, including:

  1. Marketing. As your provider, we may not disclose any of your PHI for marketing purposes if we will receive direct or indirect financial remuneration not reasonably related to our cost of making the communication.
  2. Sale of Protected Health Information. As your provider, we will not sell your PHI to third parties. The sale of PHI, however, does not include a disclosure for public health purposes, for research purposes where we will only receive remuneration for our costs to prepare and transmit the health information, for treatment and payment purposes, for the sale transfer, merger or consolidation of all or part of our organization, for a business associate or its subcontractor to perform health care functions on our behalf, or for other purposes as required ad permitted by law.

If you provide us with written authorization, you may revoke that written authorization at any time, except to the extent that we have already relied upon it. To revoke a written authorization, please write to the Privacy Officer. You may also initiate the transfer of your records to another person by completing a written authorization form.

Additionally, there are some kinds of information, such as HIV-related information, alcohol and substance abuse treatment information, mental health information, and genetic information that are considered so sensitive that state or federal laws provide special protections for them. Therefore, some parts of this general Notice of Privacy Practices may not apply to these types of information. If you have questions or concerns about how these types of information may be used or disclosed, please speak with your healthcare provider.

If a particular situation is not described in sections III A, B, C, and D above, we will ask for your written consent before using or disclosing any of your PHI.

IV. HOW TO SUBMIT A COMPLAINT ABOUT OUR PRIVACY PRACTICES
If you think your privacy rights may have been violated, or you disagree with a decision we made about access to your PHI, you may file a complaint with the office listed in the next section of the Notice. Please be assured that you will not be penalized, and there will be no retaliation for voicing a concern or filing a complaint. Speare Memorial Hospital is committed to the delivery of quality healthcare in a confidential and private environment.

PERSON TO CONTACT FOR INFORMATION ABOUT THIS NOTICE OR TO COMPLAIN ABOUT OUR PRIVACY PRACTICES. If you have any questions about this Notice or any complaints about our privacy practices, or you believe your privacy rights have been violated, please call the Privacy Office (603)238-6467, the Privacy Hotline (603)238-6467, or contact in writing: HIPAA Privacy Officer at 16 Hospital Road, Plymouth, NH 03264.

You may also file a complaint with the Secretary to the Department of Health and Human Services at:

Dept. of Health and Human Services             PH: (800)368-1019 or (617)565-1340
Office for Civil Rights-Region I   Fax: (617)565-3809
JFK Federal Building, Room 1875 TDD: (800)537-7697 or (617)565-1343
Government Center Website: www.hhs.gov/ocr
Boston, MA 02203-0002               Click on the link “how to file a complaint”

Government regulations require that healthcare organizations must state in their privacy notices that no retaliation will be taken against any person for filing a complaint. Consistent with this regulation, as your provider, we will not take any action that would penalize you for exercising your rights as outlined in this privacy notice. Your choice to file a complaint will not affect your current or future care at Speare Memorial Hospital or any of our providers.

Speare Memorial Hospital values and welcomes your feedback.        

Revised: 7/2023

 

Translate »
Scroll to Top