Joint Notice of Privacy Practices
THIS JOINT NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY.
EFFECTIVE DATE DECEMBER 1, 2006
1. Who Follows This Notice:
This Joint Notice of Privacy Practices (Notice)* applies to all protected health information (PHI) for services provided either at The University of Texas MD Anderson Cancer Center (MD Anderson) or at the Proton Therapy Center Houston (PTC).
2. Purpose and Legal Requirements:
MD Anderson and PTC, as well as members of our workforces care about the privacy and confidentiality of your information. To this end, MD Anderson has developed certain policies, created new procedures, and taken other steps to help keep your information confidential. This Notice gives a summary of those steps, explains your privacy rights, and gives you phone numbers and addresses you can use to ask questions or to make requests.
We are required by law to:
- Make sure that medical information that identifies you is kept private.
- Give you this Notice of our legal duties and privacy practices with respect to your medical information.
- Follow the terms of this Notice as long as it is in effect. If we revise this Notice, we will follow the terms of the revised Notice as long as it is in effect.
MD Anderson, PTC, and members of our workforces, including faculty, staff, volunteers, trainees, students and contractors, follow the privacy practices described in this Notice. These privacy practices are maintained in locations or sites where treatment, payment and health care operation activities may occur.
This Notice applies to all of the records related to the care and services that you receive at MD Anderson or PTC, whether made by staff or your physician. This Notice will tell you about the ways in which we may use and disclose medical information about you. This Notice also describes your rights and certain obligations we have regarding the use and disclosure of your medical information.
MD Anderson and PTC maintain your medical information in records that will be maintained in a confidential manner, as required by law. However, we must use and disclose your medical information to the extent necessary to provide you with quality health care. To do this, we must share your medical information as necessary for treatment, payment and health care operations.
3. Treatment, Payment, and Health Care Operations:
Treatment includes sharing information among health care providers involved in your care. For example, your health care provider may share information about your condition with the pharmacist to discuss appropriate medications, or with radiologists or other consultants in order to make a diagnosis. MD Anderson and PTC also communicate with your referring and follow up physician in the community, keeping him/her informed about your care. In addition, we may use your medical information as required by your health plan to obtain payment for your treatment and hospital stay. We also may tell your health plan about a treatment in order to obtain prior approval or to determine whether your health plan will cover the treatment. We may use and/or disclose your medical information to improve the quality of care delivered by us (e.g., for review, for education and training purposes and to run the day-to-day operations of MD Anderson or PTC). We may disclose your health information to a business associate with whom we contract to provide services on our behalf. To protect your health information, we require our business associates to appropriately safeguard the health information of our patients.
4. You Have Rights Regarding Your Medical Information:
You have the following rights regarding your medical information, provided that you make a written request to invoke the right on the form provided by us.
Right to Request Restriction(s).
You have the right to request a restriction or limitation on the medical information we use or disclose about you for treatment, payment or health care operations. You also have the right to request a limit on the medical information we disclose about you to someone who is participating in your care or the payment for your care, such as a family member or friend. For example, you could ask that we not use or disclose information about a particular surgery that you have had. We will attempt to accommodate all reasonable requests, but in certain circumstances we may not be able to comply. To request a restriction, you must make your request in writing to the Chief Compliance Officer at The University of Texas MD Anderson Cancer Center, Institutional Compliance Office, Unit 1640, PO Box 301407, Houston, Texas, 77230-1407. In your request, you must tell us: (1) what information you want to limit; (2) whether you want to limit our use or disclosure of the information (or both); and (3) whom you want the limits to apply (e.g., disclosures to your spouse).
Right to Request Alternate Communication Methods.
You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you by telephone at work or that we only contact you by mail at home. To request such a limitation, you must make your request in writing to the Chief Compliance Officer at The University of Texas MD Anderson Cancer Center, Institutional Compliance Office, Unit 1640, PO Box 301407, Houston, Texas, 77230-1407. We will not ask you the reason for your request. We will attempt to accommodate all reasonable requests. Your request, however, must specify how or where you wish to be contacted.
Right to Inspect and Copy.
You have the right to inspect and copy medical information that may be used to make decisions about your care. Usually, this includes medical and billing records and excludes psychotherapy notes. To inspect and copy medical information that may be used to make decisions about you, you must submit your request in writing to Health Information Management at 1515 Holcombe Blvd., Unit 306, Houston, Texas 77030. If you request a copy of the information, we may charge a fee for the costs of copying, mailing, or other supplies associated with your request. We may deny your request to inspect and copy in certain very limited circumstances. If you are denied access to medical information, you may request that the denial be reviewed. Another licensed health care professional chosen by us will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review.
Right to Request Amendment.
If you feel that the information within your medical or billing records is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for MD Anderson or PTC. To request an amendment, your request must be made in writing and submitted to Health Information Management at 1515 Holcombe Blvd., Unit 306, Houston, Texas 77030. In addition, you must provide a reason that supports your request. We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that: (1) was not created by us, unless the person or entity that created the information is no longer available to make the amendment; (2) is not part of the medical information kept by or for MD Anderson or PTC; (3) is not part of the information that you would be permitted to inspect and copy; or (4) is accurate and complete.
Right to an Accounting of Disclosures.
You have the right to receive an accounting of certain disclosures made by us regarding your medical information. The accounting (or list) of disclosures will include: (1) the date of the disclosure; (2) the name of the entity or person who received the medical information and, if known, the address; (3) a brief description of the medical information disclosed; and (4) a brief statement of the purpose of the disclosure. However, this list will not include, for example, disclosures made to carry out treatment, payment, or health care operations, nor will it include disclosures made pursuant to a valid authorization. To request this list, you must submit your request in writing to Health Information Management at 1515 Holcombe Blvd., Unit 306, Houston, Texas 77030. Your request should state a time period that may not be longer than six (6) years and may not include dates before April 14, 2003. The first list you request within a twelve (12) month period will be free of charge. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved, and you may choose to withdraw or modify your request at that time and before any costs are incurred.
Right to a Paper Copy of This Notice.
You have the right to a paper copy of this Notice. You may ask us to give you a copy of this Notice at any time. Even if you have agreed to receive this Notice electronically, you are still entitled to a paper copy of this Notice. To obtain a paper copy of this Notice, contact the Chief Compliance Officer at The University of Texas MD Anderson Cancer Center, Institutional Compliance Office, Unit 1640, PO Box 301407, Houston, Texas, 77230-1407.
5. Your Information May Be Used For:
Without your specific authorization, your medical information may be used, unless you ask for restrictions on a specific use or disclosure, for the following purposes:
We may contact you to provide appointment reminders.
We may contact you with information about treatment alternatives or other health-related benefits or services that may be of interest to you.
We will include your name, location in MD Anderson, your condition described in general terms, and your religious affiliation in our directory of hospitalized patients. If you agree, the directory information, except for your religious affiliation, will be released to people who ask for you by name. Your religious affiliation may be given to members of the clergy, even if they do not ask for you by name, unless you prohibit this.
Family and Friends
If you agree, we may disclose your medical information to family members, other relatives, or close personal friends when the medical information is directly relevant to that person’s participation with your care.
If you agree, we may use or disclose your medical information to notify a family member, a personal representative, or another person responsible for your care of your location, general condition, or death.
Public Health/Health Oversight Activities
We may disclose your medical information for public health activities, including for the reporting of disease, injury, vital events, and for the conducting of public health surveillance, investigation and/or intervention. We may disclose your medical information to a health oversight agency for oversight activities authorized by law, including for audits, investigations, inspections, licensure or disciplinary actions, administrative and/or legal proceedings or actions.
We may use or disclose your medical information to a public or private entity, such as the American Red Cross, for the purpose of coordinating with that entity to assist in disaster relief efforts.
Disclosure to Department of Health and Human Services
We may disclose medical information when required by the United States Department of Health and Human Services as part of an investigation or a determination of our compliance with relevant laws.
We may use limited information for fundraising activities. This information includes your name, address and contact information, age, gender, insurance status, and the dates you received services at MD Anderson or PTC.
Abuse or Neglect
In accordance with federal and state law, we may disclose your medical information when it concerns abuse, neglect, or domestic violence to you.
We may disclose your medical information in the course of certain judicial or administrative proceedings.
Law Enforcement/Specialized Government Functions
We may disclose your medical information for law enforcement purposes or other specialized governmental functions, such as national security, intelligence activities, and for the provision of protective services to the President.
Coroners, Medical Examiners, and Funeral Directors
We may disclose your medical information to a coroner, medical examiner, or a funeral director.
If you are an organ donor, we may disclose your medical information to an organ donation and procurement organization.
We may use and/or disclose your medical information for certain research purposes. All research projects at MD Anderson and PTC are subject to review and approval by an Institutional Review Board (IRB). An IRB is a committee responsible for protecting individual research subjects and insuring that research is conducted ethically. You will not be enrolled in a research project that is not reviewed and approved by an IRB.
We may use or disclose your medical information to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.
We may release your PHI for workers’ compensation or similar programs. These programs provide benefits for work-related injuries or illnesses.
And as Otherwise Required by Law.
6. Your Authorization Is Required for Other Uses or Disclosures:
The use or disclosure of your medical information for other purposes or activities, not listed above, will be made only with your written authorization (permission). If you provide us permission to use or disclose medical information about you, you may revoke that permission, in writing, at any time. If you revoke your permission, we will no longer use or disclose medical information about you for the reasons covered by your written permission. However, we are unable to take back any disclosures we have already made with your permission.
7. Privacy Complaints:
If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the United States Department of Health and Human Services. You will not be penalized or retaliated against in any way for making a complaint. To file a complaint with us, contact the Chief Compliance Officer at The University of Texas MD Anderson Cancer Center, Institutional Compliance Office, Unit 1640, PO Box 301407, Houston, TX, 77230-1407. All privacy complaints must be submitted in writing.
8. Changes to This Notice:
We reserve the right to change this Notice. We reserve the right to make the revised or changed Notice effective for medical information we already have about you as well as any information we receive in the future. We will post a copy of the current Notice in MD Anderson and PTC. The Notice will contain on each page, in the top right-hand corner, the effective date. In addition, each time you register at or are admitted to MD Anderson or PTC for treatment or healthcare services as an inpatient or outpatient, copies of the Notice will be made available upon request.
Should you have any questions...
Should you have any questions about the contents of this Notice, please contact the Chief Compliance Officer at The University of Texas MD Anderson Cancer Center, Institutional Compliance Office, Unit 1640, PO Box 301407, Houston, Texas, 77230-1407, or at (713) 745-6636, or through the Privacy Hotline at 1-888-337-7497.
*MD Anderson’s Notice was originally issued on April 14, 2003. Since that time, the Notice has been revised on December 1, 2006.