Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW THIS NOTICE CAREFULLY.
TO OUR PATIENTS. This Notice describes how health information about you, as a patient of Joslin, may be used and disclosed. It also describes your rights and certain obligations we have regarding the use and disclosure of your medical information. This is required by the Privacy Regulations created as a result of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
We are legally required to protect the privacy of information that is related to your healthcare that can be used to identify you. This information is called “protected health information” or PHI for short. PHI includes information that we have created or received about you and your health condition. We are required by law to provide you with this NOTICE OF PRIVACY PRACTICES (Notice) that explains our privacy practices and how, when, and why we use and/or disclose your PHI.
We are legally required to follow the privacy practices that are described in this Notice. We reserve the right to change our privacy policies and the terms of this Notice at any time. Before any important policy change goes into effect, we will change this Notice. The new Notice will be posted in all our registration areas for public viewing.
You may request a copy of this Notice at any time by contacting the Compliance Office at (617) 309-1976.
I. HOW WE MAY USE AND DISCLOSE YOUR PROTECTED HEALTH INFORMATION.
Personal information about you, your medical history and healthcare treatment may be recorded, either on paper or electronically, as part of providing you with healthcare. This information is vital to the normal business operation of Joslin, and is necessary in order to provide you and others with the highest quality healthcare.
For Treatment. We may use medical information about you to provide you with medical treatment or services. For example: Joslin may disclose medical information about you to physicians, nurses, technicians, hospitals, medical students or Joslin personnel who are involved with the administration of your care.
For Payment. We may use and disclose medical information about you so that the treatment and services you receive at Joslin or from other entities, such as an ambulance company, may be billed to and payment may be collected from you, an insurance company or a third party. The bill may contain information that identifies you, your diagnosis and procedures and supplies used. We may need to disclose this information to insurance companies to establish insurance eligibility benefits for you. We may also provide your PHI to our business associates, such as billing companies, claims processing companies and others that process our healthcare claims.
For Healthcare Operations. We may use and disclose medical information about you for Joslin operations. These uses and disclosures are made for quality of care and medical staff activities, medical education within Joslin, and teaching programs with affiliates and within other healthcare arrangements. Your medical information may also be used or disclosed to comply with laws and regulations, for contractual obligations, patients’ claims, grievances or lawsuits, healthcare contracting, legal services, underwriting and other insurance activities and to operate our healthcare business. We may also disclose information to doctors, nurses, technicians, medical and other students, and other health system personnel for performance improvement and educational purposes. We will also provide your physician or other healthcare providers with copies of various reports that should assist them in treating you. We may also provide your medical information to our accountants, attorneys, consultants and others in order to make sure we comply with the laws that govern us.
For Business Associates. Some services in Joslin are provided through contracts with outside vendors and consultants. We may disclose PHI to our business associates to perform the services we have requested. We require our business associates by contract to appropriately safeguard your information.
For Appointment Reminders, Information about Healthcare Related Benefits and Treatment Alternatives. We may use and disclose medical information to contact you as a reminder that you have an appointment for a treatment or medical care at Joslin and to inform you of treatment alternatives or other healthcare services or benefits that we offer.
For Fundraising Activities. Revenue from philanthropic sources plays a key role in the successful operation of Joslin. As such, we may contact you regarding our fundraising activities. The money raised will support our research efforts in preventing and finding a cure for diabetes, and in the meantime will allow us to provide the best patient care possible. If you do not wish to be contacted for our fundraising efforts, please notify us by writing to the Joslin Compliance Office, One Joslin Place, Boston, Massachusetts 02215.
To Individuals Involved in Your Care or Payment for Your Care. Unless instructed otherwise, we may release medical information to anyone you identify who is involved in your medical care, e.g., a friend, family member, personal representative, or any other individual of your choice. We may also give information to someone who helps pay for your care. We may also tell your family or friends about your general condition and that you had an appointment at Joslin.
For Disaster Relief Efforts. We may disclose medical information about you to an entity assisting in a disaster relief effort so that your family can be notified about your condition, status and location.
For Research. Joslin specializes in the research and treatment of diabetes. All research studies conducted at Joslin must be approved through a special review process to protect patient safety, welfare and confidentiality. Your medical information may be important to further research efforts and the development of new knowledge. We may use and disclose medical information about our patients for research purposes to qualified researchers, subject to the confidentiality provisions of state and federal law. On occasion, researchers contact Joslin patients regarding their interest in participating in certain research studies. Enrollment in those studies can only occur after you have been informed about the study, had an opportunity to ask questions, and indicated your willingness to participate by signing a consent form. Other studies may be performed using information about your treatment without requiring your authorization. For example, a research study may involve comparing the health and recovery of patients who received one treatment to those who received an alternate treatment for the same condition.
As Required By Law. We will disclose medical information about you when required to do so by federal or state law.
To Prevent a Serious Threat to Health or Safety. In order to avoid a serious threat to the health or safety of a person or the public, we may provide medical information about you to law enforcement personnel or person able to prevent or lessen such harm.
Organ and Tissue Donation. If you are an organ donor, we may release medical information to organizations that handle organ procurement or organ, eye, or tissue transplantation or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation.
Military and Veterans. If you are or were a member of the armed forces, we may release medical information about you to military command authorities as authorized or required by law.
Workers’ Compensation. We may use or disclose medical information about you for Workers’ Compensation or similar programs as authorized or required by law. These programs provide benefits for work-related injuries or illness.
Public Health Activities. We may disclose your medical information to public health or legal authorities charged with preventing or controlling disease, injury or disability.
Health Oversight Activities. We may disclose medical information to governmental, licensing, auditing and accrediting agencies as authorized or required by law.
Lawsuits and Other Legal Actions. In connection with lawsuits or other legal proceedings, we may disclose medical information about you in response to a court or administrative order, or in response to a subpoena, discovery request, warrant, summons or other lawful process, but only if efforts have been made to contact you about the request.
Law Enforcement. We may disclose medical information to assist officials in locating a suspect, fugitive, material witness or missing person. In addition, we may disclose medical information to officials regarding criminal conduct.
Coroners, Medical Examiners and Funeral Directors. We may release medical information to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also release medical information about patients of Joslin to funeral directors as necessary to carry out their duties.
National Security and Intelligence Activities. As required by law, we may disclose medical information about you to authorized federal officials for intelligence, counterintelligence and other national security activities authorized or required by law.
Protective Services for the President and Others. As authorized or required by law, we may disclose medical information about you to authorized federal officials so they may provide protection to the President, other authorized persons or foreign heads of state or conduct special investigations.
Inmates. If you are an inmate of a correctional institution or under the custody of law enforcement officials, we may release medical information about you to the correctional institution as authorized or required by law.
II. YOUR RIGHTS REGARDING MEDICAL INFORMATION ABOUT YOU
Your medical information is the property of Joslin, but you have certain rights regarding the medical information we maintain about you. You may exercise your rights by submitting a request to us. All requests must be made in writing and submitted to the Compliance Office, One Joslin Place, Boston, Massachusetts 02215.
You have the following rights with respect to your PHI:
Right to Inspect and Copy. With certain exceptions, you have the right to inspect and/or receive a copy of your medical information. If you request a copy of the information, we may charge a fee for these services. We may deny your request to inspect and/or to receive a copy in certain limited circumstances. If you are denied access to medical information, you may request that the denial be reviewed. Another licensed healthcare professional chosen by Joslin will review your request and the denial.
Right to Request an Amendment. If you feel that medical information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for Joslin. The amendment request must be in writing, signed by you or your authorized representative and must state the reasons for the amendment request. We may deny your request if you ask us to amend information that:
- Was not created by Joslin;
- Is not part of the medical information kept by or for Joslin;
- Is not medical information you are permitted to inspect or copy; or
- Is accurate and complete in the record.
Right to an Accounting of Disclosures. You have the right to receive a list of the disclosures we have made of medical information about you that were for purposes other than treatment, payment, healthcare operations and certain other purposes, or disclosures made with your written authorization. Requests must be made in writing and signed by you or your authorized representative. Your request must state a time period that may not be longer than the six previous years. You are entitled to one accounting within any 12-month period. You will be charged a fee of 25 dollars for each subsequent accounting you request within the same 12-month period. We have 60 days to respond to your request. If we cannot respond to your request within the 60 days, we will notify you in writing that we are extending the response time by an additional 30 days and give you a new date of when to expect our response.
Right to Request Restrictions. You have the right to request a restriction or limitation on the medical information we use or disclose about you for treatment, payment or healthcare operations. You also have the right to request a limit on the medical information we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend. We are not required to agree to your request regarding restrictions on disclosure with the following exception: if you pay for a healthcare product or service yourself in full and out of pocket, you may request that we not share health information pertaining only to that product or service with your health plan for the purposes of carrying out payment or healthcare operations. If we do agree, our agreement must be in writing, and we will comply with your request unless the information is needed to provide you emergency treatment. In your request, you must tell us: (1) what information you want to limit; (2) whether you want to limit our use, disclosure or both; and (3) to whom you want the limits to apply, for example, disclosures to your spouse.
Right to Request Confidential Communications. Generally, we will use the address, telephone number and, in some cases, the email address you give us to contact you. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or that we send your medical information to another address. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.
If you believe your privacy rights have been violated, you may file a complaint in writing to the Compliance Office, One Joslin Place, Boston, Massachusetts 02215 or by calling the Joslin Diabetes Center Compliance Helpline at (617) 309-1971. You may also file a complaint with the Secretary of the U.S. Department of Health and Human Services in Washington, D.C. or through the regional office at J.F.K. Federal Building – Room 1874, Boston, MA 02203 in writing within 180 days of a violation. There will be no retaliation for filing a complaint.
IV. OTHER USES OF MEDICAL INFORMATION
Other uses and disclosures of medical information not covered by this Notice or the laws that apply to us will be made only with your written permission (authorization). If you provide us permission to use or disclose medical information about you, you may revoke that permission, in writing, at any time. If you revoke your permission, we will no longer use or disclose medical information about you for the reasons covered by your written authorization. You understand that we are unable to take back any disclosures we have already made with your permission, and that we will retain our records of the care provided to you as required by law.
Communication via E-mail and Fax Concerning Your Treatment. Provided that your physician or provider in general offers e-mail as a method of communication to his/her patients we need your written permission (consent). For example, your consent must be on file if you would like to use e-mail for non-urgent issues like reviewing your blood glucose results, requesting routine tests or refilling prescriptions. You can give us your permission by either signing a consent form at the time of your visit at Joslin or sending us the form via normal mail or fax.
V. ACKNOWLEDGEMENT OF RECEIPT OF NOTICE.
You will be asked to sign an acknowledgement form that you received this Notice of Privacy Practices.
VI. FOR FURTHER INFORMATION.
If you have questions or need further assistance regarding this policy, you may contact the Compliance Office, Joslin Diabetes Center, One Joslin Place, Boston, Massachusetts 02215 at (617) 309-1976 or via e-mail at email@example.com.
VI. EFFECTIVE DATE.
This revised Notice of Privacy Practices is effective November 1, 2012.
Page last updated: May 21, 2013