Privacy & HIPAA

Uses and Disclosures of Protected Health Information Based upon Written Consent:

• Treatment: Coordinate or manage the patient’s healthcare and related services, including a third party, with prior permission to access the patient’s PHI. Examples: home health agencies, other treating and referral physicians, healthcare providers, specialists, or laboratories.
• Payment: Obtain payment for healthcare services. Examples: eligibility and utilization review procedures for health insurance plans and the hospital admission process.
• Healthcare Operations:
  • Support the business activities of the patient’s physician’s practice. Examples: quality assessment activities, employee review activities, training of medical students, licensing, marketing, fundraising activities, and conducting or arranging for other activities such as appointment reminders and calling patients’ names in a waiting room on admittance or discharge.
  • Share with third-party “business associates” who perform billing, transcription services, and other activities.
  • Provide as necessary alternative treatment information or other health-related benefits and services.
  • Provide the System marketing procedures: name and address used for newsletter notifying practices and services; information about beneficial products and services; demographics and patient treatment dates used to contact patients for fundraising activities; Chief Privacy Officer (CPO) contact information provided to request that these materials not be sent to you. MCH, MCC, AR C.A.R.E.S., MCBH-M, and MCBH-J may use or disclose PHI with its subsidiaries within the applicable Continuum of Care.
• Business Associates: We may share some of your PHI with outside people or companies who provide services for Methodist, such as off-site storage of PHI.
• Based Upon Your Written Authorization: Written authorization is required unless otherwise permitted or required by law, as described below. You may revoke authorization at any time, in writing, except to the extent that the patient’s physician or physician’s practice has taken an action in reliance on the use or disclosure indicated in the authorization.
• Other Permitted and Required Uses and Disclosures That May Be Made With Your Consent, Authorization, or Opportunity to Object: If parent/guardian is not present or able to agree or object to the use or disclosure of the PHI, then the physician may use professional judgment to determine whether the disclosure is in the patient’s best interest and only PHI that is relevant to the patient’s healthcare will be disclosed.
• Others Involved in the Patient’s Healthcare: Without parental/guardian objection, family members, close friends, and others designated by the parent/guardian may be placed on the Authorization Contact List to assist:
• • • With notification to family, personal representatives, or others responsible for the patient’s care of the patient’s location, general condition, or death.
  • In disaster relief efforts and coordination with family or other individuals involved in the patient’s healthcare. If the parent/guardian is not present or able to agree or object to the use or disclosure of the PHI, then a physician may use professional judgment to determine whether the disclosure is in the patient’s best interest, and only PHI that is relevant to the patient’s healthcare will be disclosed.
• Emergencies: The patient’s physician, during emergency treatment situations, shall try to obtain consent as soon as reasonably practicable after the delivery of treatment. If the physician is required by law to treat the patient and an attempt to obtain consent was made but unable to obtain it, the physician may use PHI to treat the patient.
• Communication Barriers: If attempts to obtain consent are unsuccessful due to substantial communication barriers, the physician, using professional judgment, will determine the parent/guardian’s intentions concerning PHI.
• Other Permitted and Required Uses and Disclosures may be made without your consent, authorization, or opportunity to object.
• Required By Law: PHI will be in compliance with the law and limited to the relevant requirements of the law.
• Public Health: PHI may be disclosed for public health activities/authorities that are permitted by law to collect or receive the information for the purpose of controlling disease, injury, or disability or, if directed by the public health authority, to a foreign government agency that is collaborating with the public health authority.
• Communicable Diseases: PHI disclosures are made, if authorized by law, to a person possibly exposed to a communicable disease or at risk of contracting or spreading the disease or condition.
• Health Oversight: PHI may be disclosed to oversight agencies (healthcare systems, government benefit programs, governmental regulatory programs, and civil rights laws) for activities authorized by law, such as audits, investigations, and inspections.
• Abuse or Neglect: PHI disclosures authorized by law allow a public health authority to receive reports of child abuse or neglect. The System, in accordance with federal and state laws, may disclose to a governmental entity or authorized agency the patient’s PHI if abuse, neglect, or domestic violence is suspected.
• Food and Drug Administration: PHI may be disclosed to a person or company required by the Food and Drug Administration to report adverse events, product defects or problems, biologic product deviations and to track products, enable product recalls, repairs or replacements, and/or to conduct post-marketing surveillance.
• Legal Proceedings: PHI may be disclosed in the course of any judicial or administrative proceeding, in response to an order of a court or administrative tribunal (to the extent such disclosure is expressly authorized), in response to a subpoena, discovery request, or other lawful process.
• Law Enforcement: PHI may be disclosed if applicable legal requirements are met:
  • Legal processes.
  • Limited information requests for identification and location purposes.
  • Pertaining to victims of a crime.
  • Suspicion that death has occurred as a result of criminal conduct.
  • Crime occurs on the premises of the System.
  • Medical emergency not on the System premises that demonstrates a crime has occurred.
• Coroners, Funeral Directors, and Organ Donation: PHI may be disclosed for identification purposes, determining the cause of death, or for the coroner or medical examiner to perform other duties authorized by law. PHI may be disclosed to permit the funeral director to carry out their duties. The System may disclose such information in reasonable anticipation of death and for cadaveric organ, eye, or tissue donation purposes.
• Research: The System may provide PHI to researchers when an institutional review board has evaluated the research proposal and ensured the patient’s privacy through established protocols.
• Criminal Activity: Under federal and state laws, the System may disclose the patient’s PHI to prevent or lessen a serious and imminent threat to the health or safety of a person or the public and to assist law enforcement authorities in identifying or apprehending an individual
• Military Activity and National Security: PHI may be disclosed to Armed Forces personnel:
  • Activities deemed necessary by appropriate military command authorities.
  • The purpose of a determination by the Department of Veterans Affairs of the patient’s eligibility for benefits.
  • Foreign military authority if a patient is a member of foreign military services.
  • Authorized federal officials for conducting national security and intelligence activities, including for the provision of protective services to the President or others legally authorized.
• Workers’ Compensation: PHI may be disclosed to comply with workers’ compensation laws and other similar legally established programs.
• Inmates: PHI may be disclosed if the patient has been an inmate in a correctional facility and the patient’s physician created or received the patient’s PHI in the course of providing care.
• Required Uses and Disclosures: Under the law, the System must make disclosures to you and when required by the Secretary of the Department of Health and Human Services to investigate or determine our compliance with the requirements of Section 164.500 et. Seq.