Privacy & HIPAA

Uses and disclosures of protected health information

Your Privacy

Notice of Privacy Practices (NPP) describes the uses and disclosures of a patient’s “Protected Health Information” (PHI) regarding treatment, payment, or healthcare operations and for other purposes permitted or required by law and a patient’s right to access and control of PHI including demographics: identity of patient; past, present or future physical or mental health or condition and/or related healthcare services.

Methodist Children’s Home (MCH), Methodist Children’s Behavioral Hospital-Maumelle (MCBH-M), Methodist Counseling Clinic (MCC), Arkansas C.A.R.E.S., and Methodist Children’s Behavioral Hospital-Jonesboro (MCBH-J) will abide by the terms of the NPP and, at any time, may change the terms of the notice that will be effective for all PHI maintained at the time of change. A revised NPP will be provided on request by mail or email.

Who Will Follow This Notice?

This Notice describes the practices of our programs associated with the Methodist Children’s Home (MCH), Methodist Children’s Behavioral Hospital-Maumelle (MCBH-M), Methodist Counseling Clinic (MCC), Arkansas C.A.R.E.S., and Methodist Children’s Behavioral Hospital-Jonesboro (MCBH-J)  may share medical information for treatment, payment, or operations as described in this notice. Any healthcare professional associated with the Methodist Family Health system — employees, staff, and other personnel authorized to enter information into the patient’s file or record — will follow the terms of the NPP.

Photo of a smiling professional woman.

The Patient’s Rights

This notice describes how medical information about you may be disclosed and how you can get access to this information. Please review it carefully.

You have the right to:

  • Obtain a paper copy of this Notice.
  • Inspect and copy the patient’s PHI, which is contained in a designated record set (medical/billing records and other records used for decisions about the patient).
  • Request a restriction on certain uses and disclosures of PHI, but we are not required to agree to your restrictions. Your restriction request must be in writing.
  • Request and receive confidential communications by alternative means or at an alternative location; the System will accommodate reasonable requests made in writing that may ask for the following information:
    1. How payments will be handled.
    2. Specification of alternative address or other contact methods.
    3. Explanation for the request.
  • Amend your PHI; requests for amending PHI are for as long as the System maintains the information. If denied due to certain situations, you have the right to file a statement of disagreement and prepare a rebuttal.
  • Accounting of disclosures: specific disclosure information may be received (after April 14, 2003) with certain exceptions, restrictions, and limitations.
  • Revoke your authorization to use or disclose protected health information except to the extent that action has already been taken.

To inspect or obtain a copy of your records, complete an authorization/release form and send the request to the Health Information Management Department. All other requests must be sent to the Chief Privacy Officer.

Uses and Disclosures of PHI

Uses and Disclosures of Protected Health Information Based upon Written Consent:

  • Treatment: Coordinate or manage the patient’s healthcare and related services, including a third party, with prior permission to access the patient’s PHI. Examples: home health agencies, other treating and referral physicians, healthcare providers, specialists, or laboratories.
  • Payment: Obtain payment for healthcare services. Examples: eligibility and utilization review procedures for health insurance plans and the hospital admission process.
  • Healthcare Operations:
    • Support the business activities of the patient’s physician’s practice. Examples: quality assessment activities, employee review activities, training of medical students, licensing, marketing, fundraising activities, and conducting or arranging for other activities such as appointment reminders and calling patients’ names in a waiting room on admittance or discharge.
    • Share with third-party “business associates” who perform billing, transcription services, and other activities.
    • Provide as necessary alternative treatment information or other health-related benefits and services.
    • Provide the System marketing procedures: name and address used for newsletter notifying practices and services; information about beneficial products and services; demographics and patient treatment dates used to contact patients for fundraising activities; Chief Privacy Officer (CPO) contact information provided to request that these materials not be sent to you. MCH, MCC, AR C.A.R.E.S., MCBH-M, and MCBH-J may use or disclose PHI with its subsidiaries within the applicable Continuum of Care.
  • Business Associates: We may share some of your PHI with outside people or companies who provide services for Methodist, such as off-site storage of PHI.
  • Based Upon Your Written Authorization: Written authorization is required unless otherwise permitted or required by law, as described below. You may revoke authorization at any time, in writing, except to the extent that the patient’s physician or physician’s practice has taken an action in reliance on the use or disclosure indicated in the authorization.
  • Other Permitted and Required Uses and Disclosures That May Be Made With Your Consent, Authorization, or Opportunity to Object: If parent/guardian is not present or able to agree or object to the use or disclosure of the PHI, then the physician may use professional judgment to determine whether the disclosure is in the patient’s best interest and only PHI that is relevant to the patient’s healthcare will be disclosed.
  • Others Involved in the Patient’s Healthcare: Without parental/guardian objection, family members, close friends, and others designated by the parent/guardian may be placed on the Authorization Contact List to assist:
      • With notification to family, personal representatives, or others responsible for the patient’s care of the patient’s location, general condition, or death.
    • In disaster relief efforts and coordination with family or other individuals involved in the patient’s healthcare. If the parent/guardian is not present or able to agree or object to the use or disclosure of the PHI, then a physician may use professional judgment to determine whether the disclosure is in the patient’s best interest, and only PHI that is relevant to the patient’s healthcare will be disclosed.
  • Emergencies: The patient’s physician, during emergency treatment situations, shall try to obtain consent as soon as reasonably practicable after the delivery of treatment. If the physician is required by law to treat the patient and an attempt to obtain consent was made but unable to obtain it, the physician may use PHI to treat the patient.
  • Communication Barriers: If attempts to obtain consent are unsuccessful due to substantial communication barriers, the physician, using professional judgment, will determine the parent/guardian’s intentions concerning PHI.
  • Other Permitted and Required Uses and Disclosures may be made without your consent, authorization, or opportunity to object.
  • Required By Law: PHI will be in compliance with the law and limited to the relevant requirements of the law.
  • Public Health: PHI may be disclosed for public health activities/authorities that are permitted by law to collect or receive the information for the purpose of controlling disease, injury, or disability or, if directed by the public health authority, to a foreign government agency that is collaborating with the public health authority.
  • Communicable Diseases: PHI disclosures are made, if authorized by law, to a person possibly exposed to a communicable disease or at risk of contracting or spreading the disease or condition.
  • Health Oversight: PHI may be disclosed to oversight agencies (healthcare systems, government benefit programs, governmental regulatory programs, and civil rights laws) for activities authorized by law, such as audits, investigations, and inspections.
  • Abuse or Neglect: PHI disclosures authorized by law allow a public health authority to receive reports of child abuse or neglect. The System, in accordance with federal and state laws, may disclose to a governmental entity or authorized agency the patient’s PHI if abuse, neglect, or domestic violence is suspected.
  • Food and Drug Administration: PHI may be disclosed to a person or company required by the Food and Drug Administration to report adverse events, product defects or problems, biologic product deviations and to track products, enable product recalls, repairs or replacements, and/or to conduct post-marketing surveillance.
  • Legal Proceedings: PHI may be disclosed in the course of any judicial or administrative proceeding, in response to an order of a court or administrative tribunal (to the extent such disclosure is expressly authorized), in response to a subpoena, discovery request, or other lawful process.
  • Law Enforcement: PHI may be disclosed if applicable legal requirements are met:
    • Legal processes.
    • Limited information requests for identification and location purposes.
    • Pertaining to victims of a crime.
    • Suspicion that death has occurred as a result of criminal conduct.
    • Crime occurs on the premises of the System.
    • Medical emergency not on the System premises that demonstrates a crime has occurred.
  • Coroners, Funeral Directors, and Organ Donation: PHI may be disclosed for identification purposes, determining the cause of death, or for the coroner or medical examiner to perform other duties authorized by law. PHI may be disclosed to permit the funeral director to carry out their duties. The System may disclose such information in reasonable anticipation of death and for cadaveric organ, eye, or tissue donation purposes.
  • Research: The System may provide PHI to researchers when an institutional review board has evaluated the research proposal and ensured the patient’s privacy through established protocols.
  • Criminal Activity: Under federal and state laws, the System may disclose the patient’s PHI to prevent or lessen a serious and imminent threat to the health or safety of a person or the public and to assist law enforcement authorities in identifying or apprehending an individual
  • Military Activity and National Security: PHI may be disclosed to Armed Forces personnel:
    • Activities deemed necessary by appropriate military command authorities.
    • The purpose of a determination by the Department of Veterans Affairs of the patient’s eligibility for benefits.
    • Foreign military authority if a patient is a member of foreign military services.
    • Authorized federal officials for conducting national security and intelligence activities, including for the provision of protective services to the President or others legally authorized.
  • Workers’ Compensation: PHI may be disclosed to comply with workers’ compensation laws and other similar legally established programs.
  • Inmates: PHI may be disclosed if the patient has been an inmate in a correctional facility and the patient’s physician created or received the patient’s PHI in the course of providing care.
  • Required Uses and Disclosures: Under the law, the System must make disclosures to you and when required by the Secretary of the Department of Health and Human Services to investigate or determine our compliance with the requirements of Section 164.500 et. Seq.

Complaints

If you believe your privacy rights have been violated, please contact the Methodist Children’s Home, Methodist Children’s Behavioral Hospital-Maumelle, Methodist Counseling Clinic, Arkansas C.A.R.E.S., and Methodist Children’s Behavioral Hospital-Jonesboro and/or the Office for Civil Rights, Region VI (U.S. Department of Health & Human Services):

Office for Civil Rights
U.S. Department of HHS
1301 Young Street, Suite 1169
Dallas, TX 75202
(214) 767-4056; (214) 767-8940
(214) 767-0432 Fax

You may contact our Chief Privacy Officer and/or Chief Security Officer for further information about the complaint process.

Jennifer Horner, MSHI, RHIA
Chief Privacy Officer, Methodist Family Health
1601 Murphy Drive
Maumelle, AR 72113
Phone: (501) 906-4314
Toll-free 866-813-3388
jhorner@methodistfamily.org

Keven Burress
Chief Security Officer, Methodist Family Health
1600 Aldersgate Road, Suite 200
Little Rock, AR 72205
Phone: (501) 906-4215
Toll-free 800-756-3709
kburress@methodistfamily.org

To receive a full copy of the notice you may request it from Methodist Family Health via paper or electronic version.

This notice was published and effective on April 14, 2003.

Updated April 2025.

Visit Request Medical Records to obtain yours.

SHINE: Methodist Family Health