Notice of Privacy & Information Practices
How is Patient Privacy Protected? At Riverside, we understand that information about you and your health is personal. Because of this, we are committed to maintaining the confidentiality of your health information. We continuously seek to safeguard that information through administrative, physical and technical means, and otherwise abide by applicable federal and state guidelines.
How Do We Use and Disclose Health Information? When you visit a Riverside facility, a record of your stay is created that contains health and financial information. Typically, this record contains information about your condition, the treatment we provided and payment for the treatment. We use and disclose your health information for the normal business activities that the law sees as falling in the categories of treatment, payment and health care operations.
Below we provide examples of those activities, although not every use or disclosure within each category is listed, however, all of the ways we are permitted to use and disclose protected health information will fall within one of these categories:
Treatment – We keep a record of each visit and/or admission. This record may include your test results, diagnoses, medications and your response to medications or other therapies. We disclose this information so that doctors, nurses, other staff members and entities such as laboratories can meet your needs. For example, a doctor treating you for a broken leg may need to know if you have diabetes because diabetes slows the healing process. The doctor may tell the dietitian if you have diabetes so that we can arrange the appropriate meal for you. We may also disclose medical information about you to people outside of Riverside who may be involved in your medical care and/or payment for your medical care after you leave Riverside, such as family members, home healthcare personnel or others to whom you have been referred to ensure that these individuals have the necessary information to care for, diagnose or treat you. Specially-protected health information such as psychotherapy notes do require written authorization from you in order to be disclosed.
Payment – We document the services and supplies you receive at each visit or admission so that you, your insurance company or another third party can pay us. We may tell your health plan about upcoming treatment or services that require prior approval by your health plan. For example, we may need to give your health plan information about surgery you received at our facility so your health plan will pay us or reimburse you for the surgery.
Health Care Operations - Health information is used to improve the services we provide, to train staff and students, for business management, quality improvement and for customer service. For example, we may use your health information to review our treatment and services, to evaluate the performance of our staff in caring for you and to survey you on your satisfaction with our services. We use the minimum amount of information necessary in order to protect your privacy.We are limited by law from releasing certain categories of health information for purposes of treatment, payment or health care operations. For example, we would not disclose genetic information without your permission.
- Family and Friends Involved in Your Care. We may disclose health information about you to your family members or friends when they are in your immediate presence, if we obtain your verbal agreement to do so or if we give you an opportunity to object to such a disclosure and you do not raise an objection. We may also disclose health information to your family or friends if we can infer from the circumstances, based on our professional judgment that you would not object. For example, we may assume you agree to our disclosure of your personal health information to your spouse when you bring your spouse with you into the exam room during treatment or while treatment is discussed. In situations where you are not capable of giving consent (because you are not present or due to incapacity or medical emergency), we may, using our professional judgment, determine that a disclosure to your family member or friend is in your best interest. In that situation, we will disclose only health information relevant to the person's involvement in your care.
- Appointments and Services. We may contact you to provide appointment reminders or information about treatment alternatives or other health-related benefits and services that may be of interest to you. Please notify the Riverside Audit and Compliance/Privacy Officer in writing, at the address below, if you do not wish to be contacted for appointment reminders, or if you do not wish to receive communications about treatment alternatives or health-related products or services.
- Facility Directories. We maintain a facility directory listing your name, room number, general condition and, if you wish, your religious affiliation. Unless you choose to have your information excluded from this directory, the information, excluding your religious affiliation, will be disclosed to anyone who requests it by asking for you by name. This information, including your religious affiliation, may also be provided to members of the clergy. You have the right during registration to have all or any part of your information excluded from this directory.
- Business Associates. Certain aspects and components of our services are performed through contracts with outside persons or organizations, such as auditing, accreditation, legal services, etc. At times, it may be necessary for us to provide your protected health information to one or more of these outside persons or organizations who assist us with our healthcare operations. In all cases, these business associates are required to appropriately safeguard the privacy of your information.
- Workers' Compensation. We may release health information about you for workers' compensation or similar programs. These programs provide benefits for work-related injuries or illness.
- Deceased Patients. Your health information is protected by HIPAA for 50 years after your death. The law allows Riverside to continue to provide, after your death, protected health information about you to those family and friends you have designated, who were involved either in your care or the payment of care.
- Research. We may release your protected health information for certain research purposes without your authorization when such research is approved by an institutional review board with established rules to ensure privacy and with researcher representations that limit the use and disclosure of your information.
- Marketing. We must receive your authorization for any use or disclosure of protected health information for marketing, except if the communication is in the form of a face-to-face communication made to you personally; or a promotional gift of a nominal value provided by Riverside. It is not considered marketing to send you information related to your individual treatment, to direct or recommend alternative treatment, therapies, healthcare providers or settings of care. These may be sent without written permission.
- Fundraising. We may use certain information about you, such as your name, address, phone number, dates that we provided care to you, department of service and treating physician information, without your written permission, in order to contact you for the purpose of raising money for Riverside. You have the right to opt out of receiving such communication with each solicitation. If you do not want Riverside to contact you for fundraising efforts, you may opt-out by notifying the Riverside Foundation at (757) 234-8740.Your decision to opt out will have no impact on your treatment or access to services at any Riverside facility.
Other Allowable Uses of Your Health Information
We may also use your health information to:
- Comply with federal, state or local laws that require disclosure.
- Assist in public health activities such as tracking diseases or medical devices.
- Inform authorities to protect victims of abuse or neglect.
- Comply with federal and state health oversight activities such as fraud investigations.
- Respond to law enforcement officials or to judicial orders, subpoenas or other processes.
- Inform coroners, medical examiners and funeral directors of information so they may fulfill their duties.
- Facilitate organ and tissue donation or procurement.
- Avert a serious threat to health or safety.
- Assist in specialized government functions such as national security, intelligence and protective services.
- Inform military and veteran authorities if you are an armed forces member (active or reserve).
- Inform a correctional institution if you are an inmate.
- Communicate with other Riverside organizations for treatment, payment or health care operations.
- Communicate with other providers, health plans, or their related entities for their treatment or payment activities, or health care operations activities relating to quality assessment or licensing.
Other Uses of Health Information
Other uses and disclosures, not previously described, may only be done with your written authorization. If you provide Riverside authorization to use or disclose health information about you, you may revoke your authorization, in writing, at any time; however, this will not affect prior uses and disclosures.
In some instances, we may need specific, written authorization from you in order to use or disclose certain types of specially- protected information, such as psychotherapy notes. Riverside will not sell your protected health information without your authorization.
What are Riverside's Responsibilities?
Riverside is required by law to:
- Maintain the privacy of your health information
- Provide this notice of our duties and privacy practices
- Notify affected individuals following a breach of unsecured protected health information
- Abide by the terms of the notice currently in effect
We reserve the right to change privacy practices, and make the new practices effective for all the information we maintain. Revised notices will be posted in our facilities and on our public web site. We will also offer you a copy when you receive services.
Your Rights Regarding Health Information About You
Although your health record is the property of Riverside, the information belongs to you. You have the following rights regarding your health information:
Right to inspect and obtain copies: You have the right to inspect and obtain a copy of certain portions of your health information, including information in an electronic format if we maintain your information in an electronic health record. You must submit your request in writing through the Riverside facility's Medical Records department. We may charge you a reasonable cost-based fee for each page copied and postage, if applicable. We may deny your request to inspect and copy in certain very limited circumstances.
Right to request amendment of your health information: You have the right to request that protected health information that we maintain about you be amended, if you feel the health information we have is incorrect or incomplete. Requests for amending your information must be made in writing, signed by you or your representative and must state the reasons for the amendment request. Requests should be made through the Riverside facility's Medical Records department. We are not obligated to make all requested amendments but will give each request careful consideration.
Right to accounting of disclosures: You have a right to request an accounting of certain disclosures we made of your health information, other than those made for the purposes of treatment, payment or health care operations. To request an accounting of disclosures, you must submit your request in writing through the Riverside Audit and Compliance / Privacy Officer. Your request must state a time period which may not be longer than six years from the date of your request. Your request should indicate in what form you want the list (for example: on paper, electronically). The first list you request within a 12 month period will be free. For additional lists, we may charge you for the cost of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.
You may request in writing an accounting for disclosures for treatment, payment, or health care operations made through an electronic health record for a three-year period.
Right to restriction: You have the right to request that we restrict how we use or disclose your health information. You also have the right to request a limit on the medical information we disclose about you for notification purposes to individuals involved in your care or the payment of your care, like a family member or friend. However, we are not required to agree with your requests, unless the request restricts disclosures to a health plan for purposes of carrying out payment or health care operations and the information pertains solely to a health care item or service you fully pay for out of pocket.
If you choose to restrict any information under these circumstances, you must submit your request in writing through the Riverside facility's Medical Records department. In your request, you must tell us what information you want to limit; whether you want to limit our use, disclosure or both; and to whom you want the limits to apply, for example, disclosures to your spouse. You may contact the Medical Records department to terminate a restriction.
Right to breach notification: In the event that unsecured protected health information is inappropriately disclosed by Riverside or one of our Business Associates, an investigation of the event will be conducted. If it is determined to be a breach of your information, we will fully comply with the HIPAA/HITECH breach notification requirements, which will include written notification to you of the breach and actions Riverside has taken to minimize any impact the breach may or could have on you.
Right to request confidential communications: You have the right to request that we communicate with you at a specific telephone number or address. To request confidential communications, you must make your request in writing to the Riverside facility's Medical Records department. We will not ask you the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.
Right to paper copy of this notice: You have the right to obtain a paper copy of this notice even if you receive it electronically. To obtain a paper copy of this notice, please contact the Riverside Audit and Compliance / Privacy Officer at the number or address below.
What if I have a Complaint?
If you believe that your privacy has been violated, you may file a complaint with us or with the Secretary of Health and Human Services in Washington, D.C. We will not retaliate or penalize you for filing a complaint with the facility or the Secretary.
To file a complaint with us or receive more information contact:
Riverside Audit and Compliance/Privacy Officer
(757) 534-7000 or (757) 369-1139; (757) 534-7087 Fax
701 Town Center Drive, Suite 1000
Newport News, VA 23606-4286
To file a complaint with the Secretary of Health and Human Services, write to 200 Independence Avenue, S.W., Washington, D.C. 20201.
Who Will Abide By This Notice?
This Notice describes Riverside's practices and those of:
- Any physician or other health care professional authorized by Riverside to access and/or enter information into your medical record,
- All departments and units of the facility,
- All affiliates and volunteers, and
- Any Riverside owned health care entities, including Riverside Medical Group.
Your personal care providers outside of Riverside may have different policies or notices regarding their use and disclosure of your medical information created in their offices.
Need more information?
Call or write the Riverside Audit and Compliance/Privacy Officer.