Body

HIPAA Notice Of Privacy Practices

Garnet Health is committed to ensuring the privacy and security of patient health information. We understand that medical information about you and your health is personal.

To support our commitment to patient confidentiality, Garnet Health will ensure that the appropriate steps are taken to disclose only the minimum amount of protected health information necessary to accomplish the particular use or disclosure, as required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and other applicable federal, state, and/or local laws and regulations.

Effective Date: July 2013
Updated 2023

Garnet Health
HIPAA Notice Of Privacy Practices

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. 

If you have any questions about this notice, please contact HIPAA Privacy Officer using the information at the top of the page.

Aviso de Politica de Prácticas de Privacidad Según la ley HIPAA - Español (PDF) (12/5/2023)

 

WHAT IS THE NOTICE OF PRIVACY PRACTICES (NOPP)?

The NOPP explains how we, Garnet Health, fulfill our commitment to respect the privacy and confidentiality of your protected health information. This NOPP explains how we may use and share your protected health information, as well as the legal obligations we have regarding your protected health information, and about your rights under federal and state laws. The NOPP applies to all records maintained by Garnet Health facilities, regardless of whether the record is written, computerized or in any other form. We are required by law to make sure that information that identifies you is kept private and to make this NOPP available to you. In this NOPP, the term “protected health information” refers to individually identifiable information about you, which may include:

  • Information about your health condition (such as medical conditions and test results you may have)
  • Information about healthcare services you have received or may receive in the future (such as a surgical procedure)
  • Information about your healthcare benefits under an insurance plan (such as whether a prescription is covered)
  • Geographic information (such as where you live or work)
  • Demographic information (such as your race, gender, ethnicity or marital status)
  • Unique numbers that may identify you (such as Social Security number, phone numbers or driver’s license number)

Who Will Follow This Notice:

This notice describes the practices of Garnet Health. Garnet Health includes: Garnet Health Medical Center, Garnet Health Medical Center – Catskills, Garnet Health Doctors, and Garnet Health Urgent Care. The privacy practices described in this NOPP will be followed by all healthcare professionals, employees, medical staff, residents, trainees, students, volunteers and business associates of Garnet Health.

Our Pledge Regarding Medical Information

We understand that medical information about you and your health is personal. We are committed to protecting medical information about you. We create a record of the care and services you receive at Garnet Health facilities. We need this record to provide you with quality care and to comply with certain legal requirements. This notice applies to all of the records of your care generated by Garnet Health personnel or your personal doctor. Your personal doctor may have different policies or notices regarding the doctor's use and disclosure of your medical information created in the doctor's office.
This notice will tell you about the ways in which we may use and disclose medical information about you. We also describe your rights and certain obligations we have regarding the use and disclosure of medical information.
We are required by law to:

  • make sure that medical information that identifies you is kept private;
  • post the notice of privacy practices in key patient care areas;
  • provide this notice to you regarding our legal duties and privacy practices with respect to your medical information; and
  • follow the terms of the notice that is currently in effect.

Organized Health Care Arrangement:

The facility and its medical staff members have organized and are presenting you this document as a joint notice. Examples include physician services in the emergency department, radiology, etc. Information will be shred as necessary to carry out treatment, payment and health care operations. Physicians and caregivers may have access to protected health information in their offices to assist in billing practices and reviewing past treatment as it may affect treatment at the time.

How We May Use and Disclose Medical Information About You.

The following categories describe different ways that we use and disclose medical information. For each category of uses or disclosures we will explain what we mean and try to give some examples. Not every use or disclosure in a category will be listed. However, all of the ways we are permitted to use and disclose information will fall within one of the categories.

For Treatment: We may use medical information about you to provide you with medical treatment or services. We may disclose medical information about you to doctors, nurses, technicians, medical students, or other personnel who are involved in taking care of you at Garnet Health. For example, a doctor treating you for a broken leg may need to know if you have diabetes because diabetes may slow the healing process. In addition, the doctor may need to tell the dietician if you have diabetes so that we can arrange for appropriate meals. Different departments of Garnet Health also may share medical information about you in order to coordinate the different things you need, such as prescriptions, lab work and x-rays. We also may disclose medical information about you to people outside Garnet Health who may be involved in your medical care after you leave Garnet Health, such as family members, clergy or others we use to provide services that are part of your care. This information may also be electronically shared with outside organizations for the purpose of treatment.

For Payment: We may use and disclose medical information about you so that the treatment and services you receive at Garnet Health may be billed to and payment may be collected from you, an insurance company or a third party. For example, we may need to give your health plan information about surgery you received at Garnet Health so your health plan will pay us or reimburse you for the surgery. We may also tell your health plan about a treatment you are going to receive to obtain prior approval or to determine whether your plan will cover the treatment. You may be contacted by various departments in order to facilitate services and payment for services. You may restrict disclosures by us of medical information to your health plan regarding services you paid for yourself in full.

For Health Care Operations: We may use and disclose medical information about you for Garnet Health operations. These uses and disclosures are necessary to run Garnet Health and make sure that all of our patients receive quality care. For example, we may use medical information to review our treatment and services and to evaluate the performance of our staff in caring for you. We may also combine medical information about many hospital patients to decide what additional services Garnet Health should offer, what services are not needed, and whether certain new treatments are effective. We may also disclose information to doctors, nurses, technicians, medical students, and other Garnet Health personnel for review and learning purposes. We may also combine the medical information we have with medical information from other hospitals to compare how we are doing and see where we can make improvements in the care and services we offer. We may remove information that identifies you from this set of medical information so others may use it to study health care and health care delivery without learning who the specific patients are.

Appointment Reminders: We may use and disclose medical information to contact you as a reminder that you have an appointment for treatment or medical care at Garnet Health

Treatment Alternatives: We may use and disclose medical information to tell you about or recommend possible treatment options or alternatives that may be of interest to you.

Health-Related Benefits and Services: We may use and disclose medical information to tell you about health-related benefits or services that may be of interest to you.

Fundraising Activities: We may use medical information about you to contact you in an effort to raise money for Garnet Health and its operations. We may disclose medical information to a foundation related to Garnet Health so that the foundation may contact you in raising money for Garnet Health. We would only release contact information, such as your name, address and phone number and the dates you received treatment or services at Garnet Health. If you do not want Garnet Health to contact you for fundraising efforts, you may opt out of such efforts by following the procedures described in fundraising letters you receive, or by notifying the Garnet Health Foundation or Garnet Health Foundation – Catskills in writing.

Hospital Directory: If you do not object, we will include your name, your location in our facility, your general condition (e.g. fair, stable, etc.) and your religious affiliation in our Patient Directory while you are a patient in the hospital. This directory information, except for your religious affiliation, may be released to people who ask for you by name. Your religious affiliation may be given to a member of the clergy, such as a priest or rabbi, even if he or she doesn't ask for you by name. This is so your family, friends and clergy can visit you in Garnet Health and generally know how you are doing.

Family and Friends Involved in Your Care: If you do not object, subject to New York law, we may share your health information with a family member, relative, or close personal friend who is involved in your care as the surrogate decision maker for your care. We may also share information with a family member, relative, or close personal friend who is involved in payment for that care. We may also notify a family member, personal representative or another person responsible for your care about your location and general condition here at Garnet Health. In some cases, we may need to share your information with a disaster relief organization that will help us notify these persons.

Research: Under certain circumstances, we may use and disclose medical information about you for research purposes. For example, a research project may involve comparing the health and recovery of all patients who received one medication to those who received another, for the same condition. All research projects, however, are subject to a special approval process. This process evaluates a proposed research project and its use of medical information, trying to balance the research needs with patients' need for privacy of their medical information. Before we use or disclose medical information for research, the project will have been approved through this research approval process, but we may, however, disclose medical information about you to people preparing to conduct a research project, for example, to help them look for patients with specific medical needs, so long as the medical information they review does not leave Garnet Health. We will almost always ask for your specific permission if the researcher will have access to your name, address or other information that reveals who you are, or will be involved in your care at Garnet Health.

Business Associates: In certain cases, we will provide your information to contractors, agents and other parties who need the information in order to perform a service for us, such as obtaining payment for health care services or carrying out business operations, such as medical transcription services. Another example is that we may share your information with an insurance company, law firm or risk management organization in order to maintain professional advice about how to manage risk and legal liability, including insurance or legal claims. However, you should know that in these situations, we require third parties to provide us with assurances that they will safeguard your information.

As Required By Law: We will disclose medical information about you when required to do so by federal, state or local law.

To Avert a Serious Threat to Health or Safety: We may use and disclose medical information about you when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person. Any disclosure, however, would only be to someone able to help prevent the threat.

SPECIAL SITUATIONS

Organ and Tissue Donation: We will release medical information to organizations that handle organ procurement or organ, eye or tissue transplantation or to an organ donation bank, as necessary to determine and facilitate organ or tissue donation and transplantation.

Military and Veterans: If you are a member of the armed forces, we may release medical information about you as required by military command authorities. We may also release medical information about foreign military personnel to the appropriate foreign military authority.

Workers' Compensation: We may release medical information about you for workers' compensation or similar programs. These programs provide benefits for work-related injuries or illness.

Public Health Risks: We may disclose medical information about you for public health activities. These activities generally include the following:

  • to prevent or control disease, injury or disability;
  • to report births and deaths;
  • to report child abuse or neglect;
  • to report reactions to medications or problems with products;
  • to notify people of recalls of products they may be using;
  • to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading disease or condition;
  • to notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect or domestic violence. We will only make this disclosure if you agree or when required or authorized by law.

Health Oversight Activities: We may disclose medical information to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, and licensure. These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.

Lawsuits and Disputes: If you are involved in a lawsuit or a dispute, we may disclose medical information about you in response to a court or administrative order. We may also disclose medical information about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.

Law Enforcement: We may release medical information if asked to do so by a law enforcement official:

  • In response to a court order, subpoena, warrant, summons or similar process;
  • To identify or locate a suspect, fugitive, material witness, or missing person;
  • About a suspected victim of a crime if, under certain limited circumstances, we are unable to obtain the person's agreement;
  • About a death suspected to be the result of criminal conduct;
  • About criminal conduct at Garnet Health; and
  • In emergency circumstances to report a crime; the location of the crime or victims; or the identity, description or location of the person who committed the crime.

Coroners, Medical Examiners and Funeral Directors: We may release medical information to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also release medical information about patients of Garnet Health to funeral directors as necessary to carry out their duties.

National Security and Intelligence Activities: We may release medical information about you to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law.

Protective Services for the President and Others: We may disclose medical information about you to authorized federal officials so they may provide protection to the President, other authorized persons or foreign heads of state or conduct special investigations.

Inmates: If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release medical information about you to the correctional institution or law enforcement official. This release would be necessary (1) for the institution to provide you with health care; (2) to protect your health and safety or the health and safety of others; or (3) for the safety and security of the correctional institution.

Your Rights Regarding Medical Information About You.

You have the following rights regarding medical information we maintain about you:

Right to Inspect and Copy: You have the right to inspect and copy medical information that may be used to make decisions about your care. Usually, this includes medical and billing records, but does not include psychotherapy notes.

To inspect and copy medical information that may be used to make decisions about you, you must submit your request in writing to the, Health Information Management Department. Unless your request is denied, we will act on your request within thirty days if the requested information is maintained on-site, and within sixty days of your request if the information is not maintained on site. If you request a copy of the information, we may charge a fee for the costs of copying, mailing or other supplies associated with your request.

We may deny your request to inspect and copy in certain very limited circumstances. If you are denied access to medical information, you may request that the denial be reviewed. Another licensed health care professional chosen by Garnet Health will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review.

Right to Amend: If you feel that medical information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for Garnet Health.

To request an amendment, your request must be made in writing and submitted to Health Information Management Department. In addition, you must provide a reason that supports your request.

We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that:

  • Was not created by us, unless the person or entity that created the information is no longer available to make the amendment;
  • Is not part of the medical information kept by or for Garnet Health;
  • Is not part of the information which you would be permitted to inspect and copy; or
  • Is accurate and complete.

Right to an Accounting of Disclosures. You have the right to request an "accounting of non-routine disclosures." This is a list of the disclosures we made of medical information about you. This would not include disclosures made for treatment, payment or hospital operations or disclosures where authorization has been obtained from you.

To request this list or accounting of disclosures, you must submit your request in writing to the, Health Information Management Department. Your request must state a time period which may not be longer than six years and may not include dates before April 1, 2003.

Your request should indicate in what form you want the list (for example, on paper, electronically). The first list you request within a 12 month period will be free. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.

Right to be Notified of Breach of Your Information: You have the right to be notified by Garnet Health or its business associates following any breach of your protected health information.

Right to Request Restrictions: You have the right to request a restriction or limitation on the medical information we use or disclose about you for treatment, payment or health care operations. You also have the right to request a limit on the medical information we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend. For example, you could ask that we not use or disclose information about a surgery you had.

We are not required to agree to your request. If we do agree, we will comply with your request unless the information is needed to provide you emergency treatment.

To request restrictions you must fill out the Request to Restrict Disclosure of PHI form, available from the Health Information Management Department. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure or both; and (3) to whom you want the limits to apply, for example, disclosures to your spouse.

Right to Request Confidential Communications: You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail.

To request confidential communications, you must make your request in writing to the Garnet Health Privacy Officer. We will not ask you the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.

Right to a Paper Copy of This Notice: Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice.

Access a PDF copy of this Notice (12/5/2023)

Changes to This Notice

We reserve the right to change this notice and the privacy practices of the organizations covered by this NOPP without first notifying you. We reserve the right to make the revised or changed NOPP effective for protected health information we already have about you as well as any information we receive in the future. We will post a copy of the current notice in Garnet Health registration areas and on our website. To request a copy of the most recent NOPP, please contact Garnet Health’s Corporate Compliance Office at (845) 333-7179 or ask the registrar/receptionist for a copy at the time of your next visit. The current NOPP will also be posted to the Garnet Health website at www.garnethealth.org .

Complaints

If you believe your privacy rights have not been followed as directed by federal regulations and state law or as explained in this NOPP, you may file a complaint with Garnet Health or with the Secretary of the Department of Health and Humans Services. To file a complaint with Garnet Health, contact the Privacy Officer, Patient Advocate or VP of Medical Affairs/Medical Director. All complaints must be submitted in writing.

You will not be penalized for filing a complaint.

Others Uses of Medical Information.

Other uses and disclosures of medical information not covered by this notice or the laws that apply to us will be made only with your written authorization, on a Hospital authorization form. Specifically, uses and disclosures of your medical information for marketing purposes or involving a sale of your information will be made only with your written authorization. Likewise, most uses of psychotherapy notes require authorization. If you provide us authorization to use or disclose medical information about you, you may revoke that authorization, in writing, at any time. If you revoke your authorization, we will no longer use or disclose medical information about you for the reasons covered by your written authorization. You understand that we are unable to take back any disclosures we have already made with your authorization, and that we are required to retain our records of the care that we provided to you.