PDF Format, 1.1 MB

The broad mission and extensive scope of operations of the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp of Regents of the University System of Georgia, including the constituent colleges and universities of the University System of Georgia (collectively, the “¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp”), necessitates that the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp collect, maintain, and, where necessary, disseminate health information regarding the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp’s students, employees, volunteers, and others. For example, the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp collects medical information through its various medical and dental hospitals, clinics, and infirmaries, through the administration of its various medical and life insurance programs, and through its various environmental health and safety programs. The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp protects the confidentiality of individually identifiable health information that is in its possession. Such health information, which is protected from unauthorized disclosure by ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp policies and by state and federal law, is referred to as “protected health information,” or “PHI.”

PHI is defined as any individually identifiable health information regarding an employee’s, a student’s, or a patient’s medical/dental history; mental or physical condition; or medical treatment. Examples of PHI include patient name, address, telephone and/or fax number, electronic mail address, social security number or other patient identification number, date of birth, date of treatment, medical treatment records, medical enrollment records, or medical claims records.

The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp will follow the practices that are described in this Notice of Privacy Practices (“Notice”). The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp reserves the right to change the terms of this Notice and of its privacy policies, and to make the new terms applicable to all PHI that it maintains. Before the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp makes an important change to its privacy policies, it will promptly revise this Notice and post a new Notice in conspicuous locations.

Permitted Uses and Disclosures of PHI

The following categories describe the different ways in which the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp may use or disclose your PHI. We include some examples that should help you better understand each category.

The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp may receive, use, or disclose your PHI to administer your health and dental benefits plan. Please be informed that the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp, under certain conditions and circumstances, may use or disclose your PHI without obtaining your prior written authorization. An example of this would be when the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp is required to do so by law. Other examples are presented below.

For Treatment

The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp may use and disclose PHI as it relates to the provision, coordination, or management of medical treatment that you receive. The disclosure of PHI may be shared among the respective healthcare providers who are involved with your treatment and medical care. For example, if your primary care physician needs to use/disclose your PHI to a specialist, with whom he/she consults regarding your condition, this would be permitted.

For Payment

The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp may use and disclose PHI to bill and collect payment for healthcare services and items that you receive. The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp may transmit PHI to verify that you are eligible for healthcare and/or dental benefits. The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp may be required to disclose PHI to its business associates, such as its claims processing vendor, to assist in the processing of your health and dental claims. The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp may disclose PHI to other healthcare providers and health plans for the payment of services that are rendered to you or to your covered family members by such providers or health plans.

For Healthcare Operations

The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp may use and disclose PHI as part of its business operations. As an example, the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp may require a healthcare vendor partner (referred to as a “business associate”) to survey and assess constituent satisfaction with healthcare plan design/coverage. Constituent survey results assist the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp in evaluating quality of care issues and in identifying areas for needed healthcare plan improvements. Business associates are required to agree to protect the confidentiality of your individually identifiable health information.

The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp may disclose PHI to ensure compliance with applicable laws. The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp may disclose PHI to healthcare/dental providers and health/dental plans to assist them with their required credentialing and peer review activities. The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp may disclose PHI to assist in the detection of healthcare fraud and abuse. Please be reminded that the list of examples that are provided are not intended to be either exhaustive, or exclusive.

As Required by Law and Law Enforcement

The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp must disclose PHI when required to do so by applicable law. The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp must disclose PHI when ordered to do so in a judicial or administrative proceeding. The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp must disclose PHI to assist law enforcement personnel with the identification/location of a suspect, fugitive, material witness, or missing person. The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp must disclose PHI to comply with a law enforcement search warrant, a coroner’s request for information ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp his/her investigation, or for other law enforcement purposes.

For Public Health Activities and Public Health Risks

The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp may disclose PHI to government agencies that are responsible for public health activities and to government agencies that are responsible for minimizing exposure to public health risks. The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp may disclose PHI to government agencies that maintain vital records, such as births and deaths. Additional examples in which the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp may disclose PHI, as it relates to public health activities, include assisting in the prevention and control of disease; reporting incidents of child abuse or neglect; reporting incidents of abuse, neglect, or domestic violence; reporting reactions to medications or product defects; notifying an individual who may have been exposed to a communicable disease; or, notifying an individual who may be at risk of contracting or spreading a disease or condition.

For Health Oversight Activities

The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp may disclose PHI to a government agency that is authorized by law to conduct health oversight activities. Examples in which the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp may disclose PHI, as it relates to health oversight activities, include assisting with audits, investigations, inspections, licensure or disciplinary actions, and other proceedings, actions or activities that are necessary to monitor healthcare systems, government programs, and compliance with civil rights laws.

Coroners, Medical Examiners, and Funeral Directors

The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp may disclose PHI to coroners, medical examiners, and funeral directors for the purpose of identifying a decedent; for determining a cause of death; or, otherwise as necessary, to enable these parties to carry out their duties consistent with applicable law.

Organ, Eye, and Tissue Donation

The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp may release PHI to organ procurement organizations to facilitate organ, eye, and tissue donation and transplantation.

Research

Under certain circumstances, the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp may use and disclose PHI for medical research purposes.

To Avoid a Serious Threat to Health or Safety

The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp may use and disclose PHI to law enforcement personnel or other appropriate persons. The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp may use and disclose PHI to prevent or lessen a serious threat to the health or safety of a person or the public.

Specialized Government Functions

The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp may use and disclose PHI for military personnel and veterans, under certain conditions, and if required by the appropriate authorities. The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp may use and disclose PHI to authorized federal officials for intelligence, counterintelligence, and other national security activities. The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp may use and disclose PHI for the provision of protective services for the President of the United States, other authorized persons, or foreign heads of state. The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp may use and disclose PHI to conduct special investigations.

Workers’ Compensation

The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp may disclose PHI for worker’s compensation and similar programs. These programs provide benefits for work-related injuries or illnesses.

Appointment Reminders/Health Related Benefits and Services

The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp and/or its business associates may use and disclose your PHI to various other business associates that may contact you to remind you of a healthcare or dental appointment. The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp may use and disclose your PHI to business associates that will inform you of treatment program options, or, of other health related benefits/services such as disease state management programs.

Disclosures for HIPAA Compliance Investigations

The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp must disclose your PHI to the Secretary of the United States Department of Health and Human Services (the “Secretary”) when so requested. The Secretary may make such a request of the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp to investigate its compliance with privacy regulations of the federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).

Uses and Disclosures of Your PHI to Which You Have an Opportunity to Object

You have the opportunity to object to certain categories of uses and disclosures of PHI that the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp may make:

Patient Directories

Unless you object, the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp may use some of your PHI to maintain a directory of individuals in its hospitals or provider facilities. This information may include your name, your location in the facility, your general condition (e.g. fair, stable, etc.), and your religious affiliation. Religious affiliation may be disclosed to members of the clergy. Except for religious affiliation, the information that is maintained in a patient directory may be disclosed to other persons who request such information by referring to your name.

Disclosures to Individuals Involved in Your Health Care or Payment for Your Health Care

Unless you object, the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp may disclose your PHI to a family member, another relative, a friend, or another person whom you have identified as being involved with your healthcare, or, responsible for the payment of your healthcare. The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp may also notify these individuals concerning your location or condition.

Fundraising Activities

Unless you object, the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp may disclose your PHI to contact you for fundraising efforts to support the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp, its related foundations, and/or its cooperative organizations. Such disclosure would be limited to personal contact information, such as your name, address and telephone number. The money raised in connection with these fundraising activities would be used to expand and support the provision of healthcare and related services to the community.

If you object to the use of your PHI in any, or all, of the three instances identified above, please notify your campus or facility privacy officer, in writing.

Other Uses and Disclosures of Your PHI For Which Authorization is Required

Certain uses and disclosures of your PHI will be made only with your written authorization. Please be advised that there are some limitations with regard to your right to object to a decision to use or disclose your PHI.

Regulatory Requirements

The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp is required, by law, to maintain the privacy of your PHI, to provide individuals with notice of the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp’s legal duties and PHI privacy practices, and to abide by the terms described in this Notice. The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp reserves the right to change the terms of this Notice and of its privacy policies, and to make the new terms applicable to all PHI that it maintains. Before the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp makes an important change to its privacy policies, it will promptly revise this Notice and post a new Notice in conspicuous locations. You have the following rights regarding your PHI:

• You may request that the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp restrict the use and disclosure of your PHI. The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp is not required to agree to any restrictions that you request, but if the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp does so, it will be bound by the restrictions to which it agrees, except in emergency situations.

• You have the right to request that communications of PHI to you from the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp be made by a particular means or at particular locations. For instance, you might request that communications be made at your work address, or by electronic mail, rather than by regular US postal mail. Your request must be made in writing. Your request must be sent to the privacy officer on your campus or facility. The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp will accommodate your reasonable requests without requiring you to provide a reason for your request.

• Generally, you have the right to inspect and copy your PHI that the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp maintains, provided that you make your request in writing to the privacy officer on your campus or your facility. Within thirty (30) days of receiving your request (unless extended by an additional thirty (30) days), the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp will inform you of the extent to which your request has, or, has not been granted. In some cases, the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp may provide you with a summary of the PHI that you request, if you agree in advance to a summary of such information and to any associated fees. If you request copies of your PHI, or agree to a summary of your PHI, the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp may impose a reasonable fee to cover copying, postage, and related costs.

• If the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp denies access to your PHI, it will explain the basis for the denial. The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp will explain your opportunity to have your request and the denial reviewed by a licensed healthcare professional (who was not involved in the initial denial decision). This healthcare professional will be designated as a reviewing official. If the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp does not maintain the PHI that you request, but it knows where your requested PHI is located; it will advise you how to redirect your request.

• If you believe that your PHI maintained by the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp contains an error or needs to be updated, you have the right to request that the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp correct or supplement your PHI. Your request must be made in writing to the privacy officer on your campus or in your facility. Your written request must explain why you desire an amendment to your PHI.

• Within sixty (60) days of receiving your request (unless extended by an additional thirty (30) days), the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp will inform you of the extent to which your request has, or, has not been granted. The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp generally can deny your request, if your request for PHI: (i) is not created by the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp, (ii) is not part of the records the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp maintains, (iii) is not subject to being inspected by you, or (iv) is accurate and complete.

• If your request is denied, the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp will provide you a written denial that explains the reason for the denial and your rights to: (i) file a statement disagreeing with the denial, (ii) if you do not file a statement of disagreement, to submit a request that any future disclosures of the relevant PHI be made with a copy of your request and the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp’s denial attached, and (iii) complain about the denial.

• You generally have the right to request and receive a list of the disclosures of your PHI that the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp has made at any time ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp the six (6) years prior to the date of your request (provided that such a list would not include disclosures made prior to April 14, 2003).

• The list will not include disclosure for which you have provided a written authorization, and will not include certain uses and disclosures to which this Notice already applies, such as those: (i) for treatment, payment, and health care operations, (ii) made to you, (iii) for the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp’s patient directory or to persons involved in your healthcare, (iv) for national security or intelligence purposes, or (v) to correctional institutions or law enforcement officials.

• You should submit any such request to the privacy officer on your campus or in your facility. Within sixty (60) days of receiving your request (unless extended by an additional thirty (30) days), the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp will respond to you regarding the status of your request. The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp will provide the list to you at no charge. If you, however, make more than one request in a year, you will be charged a fee for each additional request. You have the right to receive a paper copy of this notice upon request, even if you have agreed to receive this notice electronically. This notice may be found at the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp website address, http://www.usg.edu/legal. To obtain a paper copy of this notice, please contact your campus or facility privacy officer.

• You may complain to the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp if you believe your privacy rights, with respect to your PHI, have been violated by contacting the privacy officer on your campus or in your facility. Your must submit a written complaint. The ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp will in no manner penalize you or retaliate against you for filing a complaint regarding the ¾º²Â×ãÇòapp,Âò×ãÇò¾º²Êapp’s privacy practices. You also have the right to file a complaint with the Secretary of the Department of Health and Human Services. You may contact the Secretary by calling 1-866-627-7748 (outside of metropolitan Atlanta) or (404) 562-7886 (in metropolitan Atlanta).

If you have any questions about this notice, please contact the Human Resources office on your campus or in your facility.

For additional information, please contact the privacy officer on your campus or facility.

Effective Date: April 14, 2003