Notice of Privacy & Information Practices
How is Patient Privacy Protected?
At Riverside Health System, we understand that information about you and your health is personal. Because of this, we strive to maintain the confidentiality of your health information. We continuously seek to safeguard that information through administrative, physical, and technical means, and otherwise abide by applicable federal and state guidelines.
How do we use and disclose health information?
When you visit a Riverside Health System facility, we use and disclose your health information for the normal business activities that the law sees as falling in the categories of treatment, payment, and health care operations. Below we provide examples of those activities, although not every use or disclosure within each category is listed:
Treatment – We keep a record of each visit and/or admission. This record may include your test results, diagnoses, medications and your response to medications, or other therapies. We disclose this information so that doctors, nurses, other staff members, and entities such as laboratories can meet your needs. For example, a doctor treating you for a broken leg may need to know if you have diabetes because diabetes slows the healing process. The doctor may tell the dietitian if you have diabetes so that we can arrange the appropriate meal for you.
Payment – We document the services and supplies you receive at each visit or admission so that you, your insurance company, or another third party can pay us. We may tell your health plan about upcoming treatment or services that require prior approval by your health plan. For example, we may need to give your health plan information about surgery you received at our facility so your health plan will pay us or reimburse you for the surgery.
Health Care Operations - Health information is used to improve the services we provide, to train staff and students, for business management, quality improvement, and for customer service. For example, we may use your health information to review our treatment and services and to evaluate the performance of our staff in caring for you.
However, we are limited by law from releasing certain categories of health information for purposes of treatment, payment, or health care operations. For example, we would not disclose genetic information without your permission.
We may also use your health information to:
- Comply with federal, state, or local laws that require disclosure.
- Assist in public health activities such as tracking diseases or medical devices.
- Inform authorities to protect victims of abuse or neglect.
- Comply with Federal and state health oversight activities such as fraud investigations.
- Respond to law enforcement officials or to judicial orders, subpoenas, or other processes.
- Inform coroners, medical examiners, and funeral directors of information necessary for them to fulfill their duties.
- Facilitate organ and tissue donation or procurement.
- Conduct research following internal review protocols to ensure the balancing of privacy and research needs.
- Avert a serious threat to health or safety.
- Assist in specialized government functions such as national security, intelligence, and protective services.
- Inform military and veteran authorities if you are an armed forces member (active or reserve).
- Inform a correctional institution if you are an inmate.
- Inform workers’ compensation carriers or your employer if you are injured at work.
- Recommend treatment alternatives.
- Tell you about health-related products and services.
- Communicate with other Riverside Health System organizations for treatment, payment, or health care operations.
- Communicate with other providers, health plans, or their related entities for their treatment or payment activities, or health care operations activities relating to quality assessment or licensing.
- Provide information to other third parties with whom we do business, such as medical record transcription services. However, you should know that in these situations, we require third parties to provide us with assurances that they will safeguard your information.
We may also use or disclose your personal or health information for the following operational purposes. We may:
- Include you on the inpatient list for callers or visitors if you are admitted.
- Let clergy know if you have been admitted.
- Communicate with individuals involved in your care or payment for that care, such as friends and family.
- Contact you for Riverside Health System fundraising.
- Send appointment reminders.
You may tell the scheduler, admitting clerk, or fundraiser that you do not want us to use or disclose your information for these five activities. If you are contacted for fundraising, we will always allow you the opportunity to tell us you do not want to receive additional fundraising information.
Other uses and disclosures, not previously described, may only be done with your written authorization. You may revoke your authorization; however, this will not affect prior uses and disclosures.
What are Riverside’s Responsibilities?
Riverside Health System is required by law to:
- Maintain the privacy of your health information.
- Provide this notice of our duties and privacy practices.
- Abide by the terms of the notice currently in effect.
Do you have any Federal Rights?
The law entitles you to:
- Inspect and copy certain portions of your health information, including information in an electronic format if we maintain your information in an electronic health record. ^* (However, we may deny your request under limited circumstances.)
- Request amendment of your health information if you feel the health information is incorrect or incomplete. ^ (However, under certain circumstances we may deny your request.)
- Receive an accounting of certain disclosures of your health information made up to six years prior to your request, although this excludes disclosures for treatment, payment, and health care operations. ^* However, after 2014, if disclosures for treatment, payment, or health care operations are made through an electronic health record, you may request an accounting of disclosed information made up to three years prior to your request.
- Request that we restrict how we use or disclose your health information. ^ (However, we are not required to agree with your requests, unless the request restricts disclosures to a health plan for purposes of carrying out payment or health care operations and the information pertains solely to a health care item or service you fully pay for out of pocket.)
- Request that we communicate with you at a specific telephone number or address. ^
- Obtain a paper copy of this notice even if you receive it electronically.
Requests followed by a caret (^) must be in writing. Fees may apply to requests followed by a star (*). Contact the Privacy Officer if you wish to exercise these rights.
What if I have a Complaint?
If you believe that your privacy has been violated, you may file a complaint with us or with the Secretary of Health and Human Services in Washington, D.C. We will not retaliate or penalize you for filing a complaint with the facility or the Secretary.
To file a complaint with us or receive more information contact:
Lisa Salsberry, Riverside (RHS) Corporate Audit and Compliance / Privacy Officer
(757) 369-8620 Fax
608 Denbigh Boulevard, Suite 500-B
Newport News, VA 23608
Or, call the Confidential Reporting line for Riverside at 1-800-303-5678.
Or, complete the online form on the Contact Us page.
To file a complaint with the Secretary of Health and Human Services, write to 200 Independence Avenue, S.E., Washington, D.C. 20201.
Who Will Abide By This Notice?
This Notice describes Riverside Health System’s practices and those of:
- Any physician or other health care professional authorized by Riverside Health System to access and/or enter information into your medical record,
- All departments and units of the facility,
- All affiliates and volunteers, and
- Any Riverside Health System owned health care entities and Riverside Health System Medical Group offices.
Need more information?
Call or write the Privacy Officer.