Privacy at Arnot Health
Significant provisions of the Act are standards for the privacy of protected individual health information, the electronic transmissions of health information and the security of this information. HIPAA requires changes in how healthcare information is handled, transferred and stored within the institution. It requires ongoing review and modification of systems, policies, procedures and most importantly behavior.
What does this mean for patients?
For patients the enactment of HIPAA is intended to provide more information with which to make informed choices when seeking healthcare and a better understanding of how their personal health information may be used. HIPAA gives patients the right to examine and request copies of their own health records, request corrections and to find out if and how their personal health information has been used for purposes other than treatment.
What does HIPAA mean for hospitals?
Hospital compliance with HIPAA is NOT optional. Penalties for failing to comply with regulatory requirements or for the wrongful disclosure of protected health information can be severe with fines and prison sentences resulting from the most serious violations.
HIPAA guidelines are also intended to provide healthcare institutions with improved administrative efficiencies, reduced paperwork by promotion of electronic standards, reduced costs in the long run and more assurance that the confidentiality, availability, and integrity of healthcare information is safeguarded.
What is Arnot Health doing about HIPAA?
At Arnot Health the privacy and confidentiality of our patient's personal health information is taken very seriously. Policies and procedures are already in place to help assure the privacy of those who seek care in our institution. The HIPAA guidelines will assist us in fine tuning our privacy and confidentiality policies to better serve our patients.
Who should you contact at Arnot Health if you have a question regarding HIPAA, or want to report a possible violation?
Contact our Chief Information Officer at 607-737-4511, Director of Medical Records at 607-737-4208, or Privacy Officer at 607-737-4469.
What does it mean for the media?
HIPAA privacy standards have specific provisions for the release of limited "directory" information. Directory information includes:
- the patient's name
- the patient's condition, described in general terms that do not communicate specific information about the individual
- the patient's religious affiliation (for clergy only)
In order for members of the news media to receive information from the patient directory, the following must happen:
- Reporter must supply patient's name.
- The family or patient must have NOT "opted-out" of patient directory.
If the above conditions are met, general condition information may be provided, as long as it does not communicate specific information about the individual. Information such as a patient's age and nature and extent of injuries will not be provided. When accidents occur, the media should call the Community Relations and Public Affairs Department for a condition report or during non-office hours contact the Nursing Supervisor. Reporters should obtain the patient's name from officials at the scene or through other means.
Arnot Health will use the following one-word descriptions of a patient's condition.
Undetermined - Patient awaiting physician assessment.
Good - Vital signs are stable and within normal limits. Patient is conscious and comfortable. Indicators are excellent.
Fair - Vital signs are stable and within normal limits. Patient is conscious but may be uncomfortable. Indicators are favorable.
Serious - Vital signs may be unstable and not within normal limits. Patient is acutely ill. Indicators are questionable.
Critical - Vital signs are unstable and not within normal limits. Patient may be unconscious. Indicators are unfavorable.
Treated and Released - received treatment but not admitted
Minor children (under the age of 18) may have information released only with the consent of a parent or legal guardian, in accordance with the preceding guidelines.
Information may not be released in instances where releasing information about any patient associated with the commission of a crime or where the safety and security of both patients and hospital personnel may be jeopardized.
The death of a patient may be announced and/or confirmed by Public Relations after family has been notified and consent has been obtained. Reporters are encouraged to obtain this information from police departments.
Police reports and other information about hospital patients often are obtained by media. The claim is frequently made that once information about a patient is in the public domain, the media is entitled to any and all information about that individual. This is not true. Healthcare providers are required to observe the general prohibitions against releasing protected health information (PHI) about patients found in the HIPAA privacy standards, state statutes or regulations and the common law, regardless of what information is in the hands of public agencies or the public in general. Requests for PHI from the media on grounds that a public agency, such as law enforcement, is involved in the matter will be denied.
We are committed to keeping secure the data you provide us, and will take reasonable precautions to protect your personally identifiable information from theft, loss, misuse or alteration. Agents or contractors of the web site, who have access to your personally identifiable information to permit them to provide services for us, are required to keep the information confidential and are not permitted to use this information for any other purpose than to perform those services for us.
The information provided to the web site covered by this policy is protected in transit by using a network protocol called Secure Sockets Layer (SSL). SSL is the industry standard technology for secure online transactions. Transactions are processed only from secure browsers. These browsers encrypt the information sent using SSL, which scrambles the data to make it extremely difficult for anyone who intercepts the information to read it. All transactions are processed through Authorize.net.