Notice of Privacy Practices (NPP)

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

The terms of this Notice of Privacy Practices apply to PENINSULA REGIONAL MEDICAL CENTER operating as a clinically integrated health care arrangement composed of Peninsula Regional Medical Center, the physicians, other licensed professionals seeing and treating patients at this Medical Center, the Transitional Care Unit, Peninsula Main Street Occupational Health & Urgent Care, and the Peninsula Regional Medical Group Offices. The members of this clinically integrated health care arrangement work and practice at Peninsula Regional Medical Center. All of these entities and persons listed will share personal health information of patients as necessary to carry out treatment, payment, and health care operations as permitted by law.

We are required by Federal law to maintain the privacy of our patients' personal health information and to provide patients with notice of our legal duties and privacy practices with respect to your personal health information. We are required to abide by the terms of this Notice so long as it remains in effect. We reserve the right to change the terms of this Notice of Privacy Practices as necessary and to make the new Notice effective for all personal health information maintained by us. You may receive a copy of any revised notices at the Health Information Management or a copy may be obtained by mailing a request to the Director of Health Information Management, 100 East Carroll Street, Salisbury, MD 21801.

USES AND DISCLOSURES OF YOUR PERSONAL HEALTH INFORMATION

Your Authorization and Consent: Except as outlined below, we will not use or disclose your personal health information for any purpose unless you have signed a form consenting to or authorizing the use or disclosure. You have the right to revoke that consent or authorization in writing unless we have taken any action in reliance on the consent or authorization.

Psychotherapy Notes: An authorization is required for uses and disclosures of psychotherapy notes.

Uses and Disclosures for Payment: With your signed consent, we will make uses and disclosures of your personal health information as necessary for payment purposes. For instance, we may forward information regarding your medical procedures and treatment to your insurance company to arrange payment for the services provided to you or we may use your information to prepare a bill to send to you or to the person responsible for your payment.

Uses and Disclosures for Health Care Operations: With your signed consent, we will use and disclose your personal health information as necessary, and as permitted by law, for our health care operations which include clinical improvement, professional peer review, business management, accreditation and licensing, etc. For instance, we may use and disclose your personal health information for purposes of improving the clinical treatment and care of our patients. We may also combine health information about many PRMC patients to decide what additional services our organization should offer, what services are not needed, and whether certain new treatments are effective. We may also disclose information to doctors, nurses, technicians, nursing and medical students, and other personnel for review and learning purposes. We may also combine the health information we have with health information from other similar organizations to compare how we are doing and see where we may make improvements in the care and services we offer. We may remove information that identifies you from this set of health information so others may use it to study health care and health care delivery without learning who the specific patients are.

Peninsula Regional Medical Center participates in regional and statewide internet-based health information exchanges (HIE) including the medical center sponsored exchange and patient portal myPenCare in conjunction with RelayHealth and both the Chesapeake Regional Information Systems for our Patients, Inc. (CRISP), a statewide health information exchange in Maryland and the Delaware Health Information (DHIN) a statewide health information exchange in Delaware. The exchange of health information can provide faster access, better coordination of care and assist providers and public health officials in making more informed treatment decisions. As a participant of CRISP and DHIN, we share information that we obtain or create about you and health care providers for treatment and public health purposes, as permitted by law. Protecting patient information in myPenCare, CRISP and DHIN HIE are a priority. The exchanges follow all state and federal privacy and security laws to protect patient health information. The Federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security and Breach Notification Rules are the main Federal laws that protect your health information. Peninsula Regional, RelayHealth, CRISP and DHIN consider the privacy and security protections outlined by these laws to be minimum standards. While there are many benefits to participating in an HIE, the exchange of information electronically has associated risks. Potential risks include: errors in clinical data, breach of information and inappropriate use. Peninsula Regional, CRISP and DHIN are confident that many of these risks are mitigated by protections and security processes that are in place. You may choose not to register and establish an account to access the myPenCare patient portal and your on-line personal health record. You may also opt-out of CRISP or DHIN and prevent providers from being able to search for your information through the statewide exchange. In either case, if you do not register with myPenCare or you opt-out of either CRISP or DHIN, your physician(s) if affiliated with Peninsula Regional or if participating with CRISP in Maryland or DHIN in Delaware, may access diagnostic information about you, such as lab results, and refer you to other providers with secure messaging. You may opt out and prevent searching of your health information held in CRISP by completing and submitting an Opt-Out Form to CRISP by mail, fax or online you may do so by calling 1-877-952-7477 or completing and submitting an Opt-Out form to CRISP by mail, fax or through their website at www.crisphealth.org. You may opt-out and prevent searching of your health information held in DHIN by completing and submitting to DHIN a Request for Non-Participation in DHIN Form located through their website at www.dhin.org by calling 1-302-678-0220. For additional information regarding myPenCare and RelayHealth, visit www.mypencare.org.

The Facility Directory: We maintain a facility directory listing the name, room number, general condition and, if you wish, your religious affiliation. Unless you choose to have your information excluded from this directory, the information, excluding your religious affiliation, will be disclosed to anyone who requests it by asking for you by name. This information, including your religious affiliation, may also be provided to members of the clergy. You have the right during registration to have your information excluded from this directory and also to restrict what information is provided and/or to whom.

Peninsula Regional Medical Center may periodically publish comments, in both internal and external publications, submitted by patients or their family members regarding the patient care experiences. If you would prefer not to have your comments included, please contact the Patient Experience team at 410-543-7212.

In most cases your social security number represents your medical record number. This notice serves as your annual disclosure form stating you have the right to request, in writing, that we stop the use of posting your Social Security Number as your medical record number. (MD § 14-3403). You may make the request by sending your name and address to the Director of Health Information Management at 100 East Carroll Street, Salisbury, MD 21801.

Breach Notification Obligations: An individual has a right to, or will receive, notifications of breaches of his or her unsecured PHI.

Family and Friends Involved In Your Care: With your approval, we may disclose your personal health information to designated family, friends, and others who are involved in your care or in payment of your care in order to facilitate that person's involvement in caring for you or paying for your care. If you are unavailable, incapacitated, or facing an emergency medical situation and we determine that a limited disclosure may be in your best interest, we may share limited personal health information with such individuals without your approval. We may also disclose limited personal health information to a public or private entity that is authorized to assist in disaster relief efforts in order for that entity to locate a family member or other persons that may be involved in some aspect of caring for you.

Business Associates: Certain aspects and components of our services are performed through contracts with outside persons or organizations, such as auditing, accreditation, legal services, etc. At times it may be necessary for us to provide certain components of your personal health information to one or more of these outside persons or organizations who assist us with our health care operations. In all cases, we require these business associates to appropriately safeguard the privacy of your information.

Fundraising: We may contact you to donate to a fundraising effort for or on our behalf. When we contact individuals to raise funds for our organization, we will also include a notice of such intentions and their right to opt out of such communications. You may do so by sending your name and address to the Executive Director of the Peninsula Regional Medical Center Foundation, 100 East Carroll Street, Salisbury, MD, 21801, together with a statement that you do not wish to receive fundraising materials or communications from us.

Appointments and Services: We may contact you to provide appointment reminders or information about treatment alternatives or other health-related benefits and services that may be of interest to you. You have the right to request and we will accommodate reasonable requests by you to receive communications regarding your personal health information from us by alternative means or at alternative locations. For instance, if you wish appointment reminders to not be left on voice mail or sent to a particular address, we will accommodate reasonable requests. You may request such confidential communication in writing by providing a written request to our Privacy Officer. We will not ask you the reason of your request. We will accommodate all reasonable requests. Your request must tell us how or where you wish to be contacted. If you do not tell us how or where you wish to be contacted, we do not have to follow your request.

Treatment alternatives: We may use and disclose health information to tell you about or recommend possible treatment options or alternatives that may be of interest to you.

Health Related Benefits and Services: We may use and disclose health information to tell you about health-related benefits or services that may be of interest to you.

Research: Under certain circumstances, we may use and disclose health information about you for research purposes. For example, a research project may involve comparing the health and recovery of all patients who received one medication to those who received another, for the same condition. All research projects, however, are subject to a special approval process. This process evaluates a proposed research project and its use of health information, trying to balance the research needs with patients’ need for privacy of their health information. Before we use or disclose health information for research, the project will have been approved through this research approval process, but we may, however, disclose health information about you to people preparing to conduct a research project, for example, to help them look for patients with specific medical needs. We will always ask for your specific permission if the researcher will have access to your name, address or other information that reveals who you are, or will be involved in your care.

Marketing: We may contact or send you information about new programs, services or events that may be of interest to you. You have the right to request that we not send you any future marketing materials and we will use our best efforts to honor such requests. You may make the request by sending your name and address to the Director of Community Relations/Marketing, 100 East Carroll Street, Salisbury, MD, 21801, with your request to be removed from our marketing mailing lists.

Other Uses and Disclosures: We are permitted or required by law to make certain other uses and disclosures of your personal health information without your consent or authorization. These include activities such as; required reporting of disease, injury, birth and death, and for required public health investigation. We may release your personal health information for any purpose required by law. We may release your personal health information for public health, if we suspect child abuse or neglect, if we believe you to be a victim of abuse, neglect, or domestic violence. We may release your personal health information to the Food and Drug Administration if necessary to report adverse events, product defects, or to participate in product recalls. We may release your personal health information to your employer when we have provided health care to you at the request of your employer; in most cases you will receive notice that information is disclosed to your employer. We may release your personal health information if required by law to a government oversight agency conducting audits, investigations, or civil or criminal proceedings. We may release your personal health information if required to do so by a court or administrative ordered subpoena or discovery request. In most cases you will have notice of such release. We may release your personal health information to law enforcement officials as required by law to report wounds, injuries and crimes. We may release your personal health information to coroners and/or funeral directors consistent with the law. We may release your personal health information if necessary to arrange an organ or tissue donation from you or a transplant for you. We may release your personal health information for certain research purposes when an institutional review board with established rules to ensure privacy, approves such research studies. We may release your personal health information if you are a member of the military as required by the armed forces services. We may also release your personal health information, if necessary, for national security or intelligence activities. And we may release your personal health information to workers' compensation agencies if necessary for your workers' compensation benefit determination. A written authorization is required for any uses and disclosures not addressed within the NPP.

RIGHTS THAT YOU HAVE Access to Your Personal Health Information: You have the right to a copy and/or to inspect the personal health information that we retain on your behalf. All requests for access must be made in writing and signed by you or your legal representative. You will be charged a nominal fee consistent with the Maryland Statues (MD Health Gen. 4-304 4-301(k)(5). You may obtain an access authorization form from the Health Information Management Department. MD Code Ann., Health Gen. 4-304

Amendments to Your Personal Health Information: You have the right to request in writing that personal health information that we maintain about you be amended or corrected. We are not obligated to make all requested amendments but will give each request careful consideration.

All amendment requests, in order to be considered by us, must be in writing, signed by you or your legal representative, and must state the reasons for the amendment/correction request. If an amendment /correction you request is made by us, we may also notify others who work with us and have copies of the uncorrected record if we believe that such notification is necessary. You may obtain an amendment request form from the Health Information Management Department.

Accounting for Disclosures of Your Personal Health Information: You have the right to receive an accounting of certain disclosures made by us of your personal health information after April 14, 2003. Requests must be made in writing and signed by you or your representative. Accounting request forms are available from the Health Information Management Department. The first accounting in any 12-month period is free; you will be charged a fee subsequent accounting you request within the same 12-month period.

Restrictions on Use and Disclosure of Your Personal Health Information: You have the right to request restrictions on certain of our uses and disclosures of your personal health information for treatment, payment, or health care operations on the consent form you sign when you become a patient. We are not required to agree to your restriction request but will attempt to accommodate reasonable requests when appropriate and we retain the right to terminate an agreed-to restriction if we believe such termination is appropriate. In the event of a termination by us, we will notify you of such termination. You also have the right to terminate, in writing or orally, any agreed-to restriction to sending such termination notice to Health Information Management Department.

Right to Restrict Release of Information for Certain Services: You have the right to restrict the disclosure of information regarding healthcare item or service for which you have paid in full or on an out of pocket basis. This information can be released only upon your written authorization. We have an affirmative obligation to agree to restrict disclosures of your PHI to your health plan for which you have paid for the items or services out-of-pocket and in full.

Complaints: If you believe your privacy rights have been violated, you can file a complaint with the Privacy Officer, in writing at Peninsula Regional Medical Center, 100 East Carroll Street, Salisbury, MD 21801. You may also file a complaint with the Secretary of the U.S. Department of Health and Human Services, 200 Independence Ave., S.W., Washington D.C., 20201 in writing within 180 days of a violation of your rights. There will be no retaliation for filing a complaint.

FOR FURTHER INFORMATION: If you have questions or need further assistance regarding this Notice, you may contact the Director of Health Information Management, 100 East Carroll Street, Salisbury, MD 21801 at (410) 543-7194 or send request via email to healthinformation@peninsula.org. As a patient you retain the right to obtain a paper copy of this Notice of Privacy Practices, even if you have requested such copy by e-mail or other electronic means.

EFFECTIVE DATE: This Notice of Privacy Practices is effective May 1, 2015.