Effective Date: December 1, 2009
Summary
At UPMC, we are committed to protecting the privacy of your medical information, as federal and state
laws require. When we say “information,” we mean health, treatment, or payment information that identifies
you. Attached is UPMC’s “Notice of Privacy Practices.” The Notice explains how we meet this commitment.
The Notice also explains your legal rights about what is in your health record. All people and places
that make up UPMC must follow the Notice. However, this does not include UPMC Health Plan or UPMC as an
employer. This Summary tells you in brief what the Notice says. THIS SUMMARY IS NOT A COMPLETE LISTING
OF HOW WE USE AND DISCLOSE (SHARE) YOUR HEALTH INFORMATION. IF YOU HAVE A QUESTION ABOUT ANY OF THE
INFORMATION IN THIS SUMMARY, YOU SHOULD REVIEW THE FULL NOTICE OF PRIVACY PRACTICES OR ASK A UPMC STAFF
MEMBER FOR MORE INFORMATION. UPMC has the right to change this Summary and the Notice without
first notifying you.
How UPMC may use and share your health information
Without your consent, UPMC can use and share your health information to:
- Provide you with medical treatment and other services.
- Receive payment from you, an insurance company, or someone else for services we provide
to you.
- Coordinate your care, which may include such things as giving you appointment reminders and
telling you about other treatment options.
- Contact you for certain marketing and fundraising activities, unless otherwise indicated by
you.
- Comply with the law.
- Meet special situations as described in the Notice, such as public health, safety, and
research.
- Exception: This does not include behavioral health, drug and alcohol, and AIDS/HIV
information.
Unless you object, UPMC can:
- Include your name and other information in the hospital directory.
- Share your health information with a family member or a close personal friend.
All other uses and sharing of your health information will be done only with your specific written
permission or as required by law.
Your legal rights about your health information
- Right to ask to see and copy your medical record
- Right to ask that incorrect or incomplete information in your medical record be corrected
- Right to ask for a list of all people and organizations who UPMC disclosed your health
information to, subject to limits permitted by law
- Right to ask UPMC to limit how we use and share your health information without your consent
- Right to ask for confidential communications
- Right to ask for a paper copy of the Notice of Privacy Practices
Violation of privacy rights
If you believe your privacy rights have been violated, you have a right to file a complaint. Please
see UPMC’s Notice of Privacy Practices for more details.
In the event that a breach of your protected health information occurs at UPMC or one of its
Business Associates, you will be provided written notification as required by law.
Full Notice
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED (SHARED) AND HOW
YOU CAN GET ACCESS TO (SEE AND COPY) THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
What is a notice of privacy practices?
UPMC understands that your health information is personal.We create and maintain a record with
information about the care and services you receive at UPMC. We need this information to provide you
with quality care and to comply ith the law. This Notice of Privacy Practices (Notice) applies to all
information about your care that UPMC, and all of the people and places that make up UPMC, (a list of
entities that this notice covers accompanies this notice below) may create, maintain, or receive.
This includes information that UPMC receives from other doctors and medical facilities that are not
part of UPMC, but that UPMC keeps to help give you better care. The Notice tells you about the ways we
may use and share your health information, as well as the legal duties we have about your health
information. The Notice also tells you about your rights under federal (United States) and state
(Pennsylvania) laws. In this Notice, the words “we,” “us,” and “our” mean UPMC and all the people and
places that make up UPMC which are described below.
Who follows UPMC’s Notice of Privacy Practices?
All of the people and places that make up UPMC follow this Notice. UPMC includes hospitals,
doctors, rehabilitation services, skilled nursing services, home health services, pharmacy services,
laboratory services and other related health care providers. UPMC also includes departments, units,
and staff within our health care facilities, health care professionals permitted by us to provide
services to you, and students, residents, trainees, volunteers, and others involved in providing your
care. UPMC may share and use your health information for purposes of treating you, obtaining payment
for services provided to you, and/or health care operations as described in this Notice. You can learn
more about UPMC at www.upmc.com.
This Notice does not apply to the UPMC Health Plan or UPMC as an employer. These UPMC entities are
separate covered entities for the purpose of the Health Insurance Portability and Accountability Act
(HIPAA) and have their own Notice. Additionally, if your doctor is not a member of a physician
practice that is owned by UPMC, he or she may have different policies about how to handle your
information and will have a separate Notice.
Our duty to protect your health information
We are required by law to:
- make sure that information that identifies you is kept private.
- make available to you this Notice that describes the ways we use and share your health
information as well as your rights under the law about your health information.
- follow the Notice that is currently in effect.
How we may use and share your health information with others
The law permits us to use and share your health information in certain ways. When we share this
information with others outside of UPMC, we will share what is reasonably necessary. When we act in
response to your written permission, share information to help treat you, or are directed by the
law, we will share all information that you, your health care provider, or the law permits or
requires. The list below tells you about different ways that we may use your health information and
share it with others. We have also provided you with examples of what we mean. Every possible example
of how we may use or share information is not listed below. However, all of the ways we are permitted
to use and share information fall into one of the groups below. When possible, we will use health
information that does not identify you.
- Ways We Are Allowed to Use and Share Your Health Information With Others Without Your
Consent or as the UPMC General Consent for Treatment, Payment, and Health Care Operations
Provides:
- Treatment. We may use your health information to give you medical treatment or services.
We may share your health information with people and places that provide treatment to you. For
example, if you have diabetes, the doctor may need to tell the dietitian about your diabetes so
that you get the kind of meals you need. We may share health information about you with people
outside of UPMC who provide follow-up care to you, such as nursing homes and home care
agencies. At all times, we will comply with any regulations that apply.
- Payment. In order to receive payment for the services we provide to you, we may use
and share your health information with your insurance company or a third party. We also may
share your health information with another doctor or facility that has treated you so that
they can bill you, your insurance company, or a third party. For example, some health plans
require your health information to pre-approve you for surgery and require pre-approval
before they pay us.
- Health Care Operations. We may use and share your health information so that we, or
others that have provided treatment to you, can better operate the office or facility.
For example, we may use your health information to review the treatment and services we
gave you and to see how well our staff cared for you. We may share your health information
with our researchers so they can develop plans to conduct research. We may share information
with our students, trainees, and staff for review and learning purposes.
- Business Associates. We may share your health information with others called “business
associates,” who perform services on our behalf. The Business Associate must agree in writing
to protect the confidentiality of the information. For example, we may share your health
information with a billing company that bills for the services we provided.
- Appointment Reminders. We may use and share your health information to remind you
of your appointment for treatment or medical care. For example, if your doctor has sent you
for a test, the place where the testing will be done may call you to remind you of the
date you are scheduled.
- Treatment Options and Other Health-Related Benefits and Services. We may use and share your
health information to tell you about possible treatment options and other health-related
benefits and services that may interest you. For example, if you suffer from an illness
or condition, we may tell you about a special treatment or research study that is being offered.
- Fundraising Activities. We may use and share with a Business Associate or a foundation
that is related to us your name, address, phone number, and other such information (called
“demographic information”) and dates that health care was provided to you. You may then be asked
for a donation to UPMC. For example, you may receive a letter from a UPMC foundation asking
for a donation to support enhanced patient care, treatment, education or research at UPMC.
Any fund-raising materials will explain how you can tell us, a business associate, or a
foundation that you do not want to be contacted in the future.
- Marketing Activities. We may use or share your health information for marketing purposes
without your permission when we discuss such products or services with you face to face or to
provide you with an inexpensive promotional gift related to the product or service. For
example, you may receive samples of products or drugs during a visit to a UPMC hospital
or facility. For other types of marketing activities we will obtain your written permission
before using or sharing your health information. We will not sell your name or any
identifiable health information to others without your authorization.
- Research. We may use and share your health information for research 1) if our researcher
obtains permission from a special UPMC committee that decides if the request meets certain
standards required by law; or 2) if you provide us with your written permission to do so. You
may participate in a research study that requires you to obtain hospital and other health
care services. In this case, we may share the information that we create 1) to our researcher
who ordered the hospital or other health care services; and 2) to your insurance company in
order to receive payment for services that your insurance will pay for. We may use and share
with a UPMC researcher your health information if certain parts of your information
that would identify you, such as your name and other items that the law describes are removed
before we share it with the UPMC researcher. This will be done when the researcher signs a
written agreement with us that the researcher will not share the information again, will
not try to contact you, and will obey other requirements that the law provides.We may also
share your health information with a Business Associate who will remove information that
identifies you so that the remaining information can be used for research.
- Special Situations. In the following situations, the law either permits or requires us
to use or share your health information with others. Pennsylvania law may further limit
these disclosures; for example, in cases of behavioral health information, drug and
alcohol treatment information, and HIV status:
- As Required by Law. We will share your health information when federal, state,
or local law requires us to do so.
- If we believe that you have been a victim of abuse, neglect (except
child abuse or neglect) or domestic violence, we may share your health
information with an authorized government agency. We will do so either if
you agree to our sharing this information or if the law allows us to do
so and we believe that we need to share the information in order to
protect you or someone else. If we decide to share your health information
for this purpose, we will tell you unless we believe that telling you
would put you at risk of harm or you are a personal representative of
the victim and may be involved in the abuse, neglect, or injury.
- We may share your health information in response to an administrative
or court order, a subpoena, a discovery request, or other legal process if
we are advised that you have been made aware of the request or we receive
notice either that you agree or, if you disagree with the request, that
you are taking action to prevent the disclosure.
- We may share your health information with a law enforcement official
or authorized individuals 1) to comply with laws, including laws that
require the reporting of injury or death suspected to have been caused
by criminal means; 2) in response to a court order, warrant, subpoena,
or summons; 3) or in emergency situations.
- If asked to do so by a law enforcement official, we may share your health
information if you are an adult victim of a crime and, in certain limited
cases, we are unable to obtain your permission and the law enforcement
official meets certain conditions described by law.
- To Prevent a Serious Threat to Health or Safety. We may use and share your health
information with persons who may be able to prevent or lessen the threat or help
the potential victim of the threat when doing so is necessary to prevent a serious
threat to the health and safety of you, the public, or another person. Pennsylvania
law may require such disclosure when an individual or group has been specifically
identified as the target or potential victim.
- Organ and Tissue Donation. To assist in the process of eye, organ or tissue
transplants, in the event of your death, we may share your health information
with organizations that obtain, store, or transplant eyes, organs, or tissue.
- Special Government Purposes. We may use and share your health information
with certain government agencies, such as:
- Military and Veterans. We may share your health information
with military authorities as the law permits if you are a member of
the armed forces (of either the United States or a foreign government).
- National Security and Intelligence. We may share your health
information with authorized federal officials for intelligence,
counter-intelligence and other national security activities
authorized by law.
- Protective Services for the President and Others. We may share
your health information with authorized federal officials to protect
the President of the United States, other authorized persons, or
foreign heads of state. We may also share your health information for
purposes of conducting special investigations as authorized by law.
- Workers’ Compensation. We may share your health information for Workers’
Compensation or similar programs that provide benefits for work-related
injuries or illness.
- Public Health. We may share your health information with public health
authorities for public health purposes to prevent or control disease, injury,
or disability. This includes, but is not limited to, reporting disease, injury,
and important events such as birth or death, and conducting public health monitoring,
investigations, or activities. For example, we may share your health information to
1) report child abuse or neglect; 2) collect and report on the quality, safety, and
effectiveness of products and activities regulated by the Food and Drug Administration
(FDA) (such as drugs and medical equipment, and could include product recalls,
repairs, and monitoring); or 3) notify a person who may have been exposed to or
is at risk of spreading a disease.
- Health Oversight. We may share your health information with a health
oversight agency for purposes of 1) monitoring the health care system; 2)
determining benefit eligibility for Medicare, Medicaid, and other government
benefit programs; and 3) monitoring compliance with government regulations and
civil rights laws.
- Coroners, Medical Examiners, and Funeral Directors. We may share your health
information with a coroner or medical examiner in order to identify a deceased
person, determine the cause of death, or for other reasons allowed by law. We also
may share your health information with funeral directors, as necessary, so they
can carry out their duties.
- Inmates. If you are an inmate of a correctional institution or under the
custody of a law enforcement official, we may share your health information with
the correctional institution or law enforcement official. This would be necessary
1) for the institution to provide you with health care; 2) to protect your health
and safety or the health and safety of others; or 3) for the safety and security
of the correctional institution.
- Other Ways We Are Allowed to Use and Provide Your Health Information to Others
- Hospital Directory. We may include limited information about you in the
hospital directory while you are a patient at a UPMC hospital or other facility.
The information may include your name, location in the building, general condition,
such as “stable,” “serious,” “critical,” and your religious affiliation. Except
for your religious affiliation, the directory information may be released to people
who ask for you by name. We may give your religious affiliation to a member of the
clergy, such as a priest or rabbi, even if they don’t ask for you by name. This
helps your family, friends, and clergy who visit you to know how you are doing.
You have the right to ask that all or part of your information not be given out.
If you do so, we will not be able to tell your family or friends your room number
or that you are in the hospital or facility.
- People Involved in Your Care or Payment for Your Care. We may share your
health information with a friend, family member, or another person identified
by you who is involved in your medical care or the payment of your medical care.
We may share your health information with these persons if you are present or
available before we share your health information with them and you do not object
to our sharing your health information with them, or we reasonably believe that
you would not object to this. If you are not present and certain circumstances
indicate to us that it would be in your best interests to do so, we will share
information with a friend or family member or someone else identified by you,
to the extent necessary. This could include sharing information with your family
or friend so that they could pick up a prescription or a medical supply. We may
tell your family or friends that you are in a UPMC hospital and your general
condition. We may share medical information about you with an organization assisting
in a disaster relief effort.
- Exception to the Above. If you are a patient in a psychiatric/mental/behavioral
health facility or a drug and alcohol facility, none of the above information
will be given to anyone outside of UPMC unless you give your written permission.
If you are under 14 years of age, this permission must come from your parents
or legal guardians. If you are 14 years or older, this permission must come
from you.
- In All Other Ways, We Will Require Your Written Permission Before Your Health
Information Is Used or Shared With Others
Except as stated in Sections A and B, your written permission is required
before we can use or share your health information with anyone outside of UPMC.
This permission is provided through a form. If you give us permission to use or
share health information about you, you may cancel that permission, in writing,
at any time. If you cancel your permission, we will no longer use or share your
health information for the reasons you have given us in your written permission.
However, we are unable to take back any information that we have already shared
with your permission.
Your Rights Concerning Your Health Information
The law gives you the following rights about your health information:
- Right to Ask to See and Copy. You have the right to ask to see and copy the
health information we used to make decisions about your care. Your request must be
in writing and given to your doctor or the place where you were treated. You can
call your doctor’s office or the place where you were treated to find out how to
do this. If you ask to see or copy your health information, you may have to pay fees
as permitted by law. We may tell you that you cannot see or copy some or all of your
health information. If we tell you this, you may ask that someone else at UPMC
review this decision. A licensed health care professional chosen by UPMC will
review those that can be reviewed. This person will not be the same person who
refused your request. We will do whatever this person decides.
- Right to Ask for a Correction. If you feel that health information we have
about you is incorrect or incomplete, you may ask us to correct the information.
You have the right to ask for a correction for as long as the information is kept
by or for UPMC. You must put your request in writing and give it to your doctor or
the place where you received care. If you do not ask in writing or give your
reasons in writing, we may tell you that we will not do as you have asked. We
have the right to refuse your request if you ask us to correct information that 1)
was not made by us, unless the person or place that originally made the information
is no longer available to make the correction; 2) is not part of the health information
kept by or for UPMC; 3) is not part of the information you are permitted by law to
see and copy; or 4) we decide is correct and complete.
- Right to Ask for an "Accounting of Disclosures."
- Generally. You have the right to ask us for an “accounting of
disclosures.” This is a list of those people and organizations who have
received or have accessed your health information. This right does not
include information made available for treatment, payment, or health care
operations, or made available when you have provided us with permission to
do so. You must put your request in writing and give it to your doctor or
the place where you received care. You can call your doctor’s office or
the place where you received care to find out how to ask for the list. You
must include in your written request how far back in time you want us to
go, which may not be longer than six years.
- Information that is Maintained Electronically. Subject to a schedule
established by federal law, if we maintain your health information
electronically (in our computer), you have the right to ask for an
accounting of disclosures of where UPMC disclosed your health information.
In accord with federal law, you may request an accounting for a period
of three years prior to the date the accounting is requested. You also
have the right to ask our business associates for an accounting of their
disclosures. We will post a list of all of our business associates and
how to contact them on our website.
- Right to Ask for Limits on Use and Sharing.
- Generally. You have the right to ask us to limit the health information
we use or share with others about you for treatment, payment, or health care
operations. You also have the right to ask us to limit health information that
we share with someone who is involved in your care or payment for your care,
like a family member or friend. You can call your doctor’s office or the place
where you received your care to get instructions on how to submit such a request.
In your request, you must tell us 1) what information you want to limit; 2) whether
you want to limit our use, disclosure or both; and 3) the person or institution
the limits apply to (for example, your spouse). For example, you could ask that we
not use or share information about a surgery you had. You must put your request
in writing and give it to your doctor or the place where you received your
care. We are not required to agree to your request. If we do agree to your request,
we still may provide information, as necessary, to give you emergency treatment.
- Services Paid For by You. Where you have paid for your services out of pocket
in full, at your request, we will not share information about those services with a
health plan for purposes of payment or health care operations. “Health plan” means
an organization that pays for your medical care.
- Right to Ask for Confidential Communications. You have the right to ask that we
contact you about your health information in a certain way or at a certain location
that you believe provides you with greater privacy. For example, you can ask that we
contact you at work or by mail. Your request must state how or where you wish to be
contacted. You must make your request in writing to your doctor or the place where you
received care. You do not need to provide a reason for your request. We will comply
with all reasonable requests.
- Right to Ask for a Paper Copy of This Notice. You may ask us to give you a copy
of this Notice at any time. Even if you have agreed to receive this Notice electronically
(for example, through the computer), you still have the right to a paper copy of this
Notice. You can get a copy of this Notice at our website. To obtain a paper copy of this
Notice, contact your doctor’s office or the registration department of the place where
you received care.
Violation of Privacy Rights
In the event that a breach of your protected health information occurs by UPMC or one of its
Business Associates, you will be provided with written notification as required by law.
If you believe your privacy has been violated by us, you may file a complaint directly with us.
You can do this by contacting the UPMC Privacy Officer at the hospital or facility where you
received care or by calling the UPMC Compliance HelpLine at 1-877-983-8442.
You also may file a complaint with the Secretary of the U.S. Department of Health and Human
Services. To file a complaint with the Secretary of Health and Human Services, you must 1) name
the UPMC place or person that you believe violated your privacy rights and describe how that
place or person violated your privacy rights; and 2) file the complaint within 180 days of when
you knew or should have known that the violation occurred. All complaints to the Secretary of
the U.S. Department of Health and Human Services must be in writing and addressed to:
U.S. Department of Health and Human Services
200 Independence Ave. S.W.
Washington, DC 20201
You will not be penalized for filing a complaint.
Changes to This Notice
We reserve (have) the right to change this Notice. We reserve (have) the right to make the
revised or changed Notice effective for health information we already have about you and for any
future health information. We will post a copy of the revised Notice in the places where we
provide medical services. The Notice will contain the effective date on the first page, in the
top right-hand corner. We will provide to you, if you ask us, a copy of the Notice that is
currently in effect each time you register at UPMC as an inpatient or outpatient for treatment
or health care services.
If You Have Questions About This Notice
If you have any questions about this Notice, please contact your doctor or the place where
you received care. You also may contact UPMC’s Notice of Privacy inquiry line at 412-647-6286.
Entities Covered by UPMC's Notice of Privacy Practices
UPMC's Notice of Privacy Practices covers all organizations under the control of UPMC,
including, but not limited to:
UPMC Hospitals
UPMC Surgery Centers
Other UPMC Facilities & Entities
- Allegheny Anesthesiology Associates
- UPMC Cancer Centers
- Chartwell LLC
- Community Medicine Incorporated
- Diversified Services managed by UPMC
- UPMC HomeCare
- Physician Services Division
Affiliates
- Credentialed Medical Staff Physicians
- UPMC Cancer Centers joint ventures:
- UPMC/HVHS Cancer Center
- UPMC/Jameson Cancer Center
- Mountain View Cancer Associates LLP – Arnold Palmer Pavilion
- Fayette Cancer Associates – Robert E. Eberly Pavilion
- Radiation Oncology Center at Jefferson Regional Medical Center
Skilled Nursing, Retirement, and Long-term Care Freestanding Facilities
