Notice of RCH Privacy Practices
This notice describes how medical information about you may be used and
disclosed and how to get access to this information. Please review it
Who We Are
This notice describes the privacy practices of Redlands Community Hospital
(the Hospital), including members of its workforce, the physician members
of the medical staff, and allied health professionals who practice at
the Hospital. The Hospital and the individual health care providers together
are sometimes called us or we in this notice. While we engage in many
joint activities and provide services in a clinically integrated care
setting, we each are separate legal entities. This notice applies to services
furnished to you at 350 Terracina Boulevard, Redlands, California as a
Hospital inpatient or outpatient.
Our Privacy Obligations
Each of us is required by law to maintain the privacy of your health information
(Protected Health Information or PHI) and to provide you with this Notice
of our legal duties and privacy practices with respect to your Protected
Health Information. When we use or disclose your Protected Health Information,
we are required to abide by the terms of this notice (or other notice
in effect at the time of the use or disclosure).
Permissible Uses and Disclosures Without Your Written Authorization
In certain situations, which we will describe in Section IV, we must obtain
your written authorization in order to use and/or disclose your PHI. However,
we do not need any type of authorization from you for the following uses
Uses and Disclosures for Treatment Payment and Health Care Operations.
We may use and disclose PHI, but not your 'highly confidential information'
(defined in Section IV.C), in order to treat you, obtain payment for services
provided to you and conduct our
health care operations as detailed below:
We use and disclose your PHI to provide treatment and other services to
you. For example, to diagnose and treat your injury or illness. In addition,
we may contact you to provide appointment reminders or information about
treatment alternatives or other health-related benefits and services that
may be of interest to you. We may also disclose PHI to other providers
involved in your treatment.
We may use and disclose your PHI to obtain payment for services that we
provide to you. For example, disclosures to claim and obtain payment from
your health insurer, HMO, or other company that arranges or pays the cost
of some or all of your health care (your 'Payor') to verify that
your payor will pay for health care.
Health Care Operations
We may use and disclose your PHI for our health care operations, which
include internal administration and planning and various activities that
improve the quality and cost effectiveness of the care that we deliver
to you. For example, we may use PHI to evaluate the quality and competence
of our physicians, nurses and other health care workers. We may disclose
PHI to our Privacy Office Risk Management Officer in order to resolve
any complaints you may have and ensure that you have a comfortable visit with us.
We may also disclose PHI to your other health care providers when such
PHI is required for them to treat you, receive payment for services they
render to you, or conduct certain health care operations, such as quality
assessment and improvement activities, reviewing the quality and competence
of health care professionals, or for health care fraud and abuse detection
or compliance. In addition, we may share PHI with our business associates
who perform treatment, payment and health care operations services on
Use or Disclosure for Directory of Individuals in the Hospital.
We may include your name, location in the hospital, general health condition
and religious affiliation in a patient directory without obtaining your
authorization unless you object to inclusion in the directory or are located
in a specific ward, wing or unit where the identification of which would
reveal that you are receiving treatment for mental health and developmental
disabilities. Information in the directory may be disclosed to anyone
who asks for you by name or members of the clergy; provided, however,
that religious affiliation will only be disclosed to members of the clergy.
Disclosure to Relatives, Close Friends and Other Caregivers.
We may use or disclose your PHI to a family member, other relative, a close
personal friend or any other person identified by you when you are present
for, or otherwise available prior to, the disclosure, if we
(1) obtain your agreement;
(2) provide you with the opportunity to object to the disclosure and you do
not object; or
(3) reasonably infer that you do not object to the disclosure. If you are
not present, or the opportunity to agree or object to a use or disclosure
cannot practicably be provided because of your incapacity or an emergency
circumstance, we may exercise our professional judgment to determine whether
a disclosure is in your best interests. If we disclose information to
a family member, other relative or a close personal friend, we would disclose
only information that we believe is directly relevant to the person’s
involvement with your health care or payment related to your health care.
We may also disclose your PHI in order to notify (or assist in notifying)
such persons of your location or general condition.
Public Health Activities.
We may disclose your PHI for the following public health activities:
(1) to report health information to public health authorities for the purpose
of preventing or controlling disease, injury or disability;
(2) to report child abuse and neglect to public health authorities or other
government authorities authorized by law to receive such reports;
(3) to report information about products and services under the jurisdiction
of the U.S. Food and Drug Administration;
(4) to alert a person who may have been exposed to a communicable disease
or may otherwise be at risk of contracting or spreading a disease or condition; and
(5) to report information to your employer as required under laws addressing
work-related illnesses and injuries or workplace medical surveillance.
Victims of Abuse, Neglect or Domestic Violence.
If we reasonably believe you are a victim of abuse, neglect or domestic
violence, we may disclose your PHI to a governmental authority, including
a social service or protective services agency, authorized by law to receive
reports of such abuse, neglect, or domestic violence.
Health Oversight Activities.
We may disclose your PHI to a health oversight agency that oversees the
health care system and is charged with responsibility for ensuring compliance
with the rules of government health programs such as Medicare or Medicaid.
Judicial and Administrative Proceedings.
We may disclose your PHI in the course of a judicial or administrative
proceeding in response to a legal order or other lawful process.
Law Enforcement Officials.
We may disclose your PHI to the police or other law enforcement officials
as required or permitted by law or in compliance with a court order or
a grand jury or administrative subpoena.
We may disclose your PHI to a coroner or medical examiner as authorized by law.
Organ and Tissue Procurement.
We may disclose your PHI to organizations that facilitate organ, eye or
tissue procurement, banking or transplantation.
We may use or disclose your PHI without your consent or authorization if
our Institutional Review Board approves a waiver of authorization for
Health or Safety.
We may use or disclose your PHI to prevent or lessen a serious and imminent
threat to a person’s or the public’s health or safety.
Specialized Government Functions.
We may use and disclose your PHI to units of the government with special
functions, such as the U.S. military or the U.S. Department of State under
We may disclose your PHI as authorized by and to the extent necessary to
comply with California law relating to workers compensation or other similar programs.
As Required by Law.
We may use and disclose your PHI when required to do so by any other law
not already referred to in the preceding categories.
Uses and Disclosure Requiring Your Written Authorization
Use or Disclosure with Your Authorization.
For any purpose other than the ones described above in Section III, we
only may use or disclose your PHI when you grant us your written authorization on
our authorization form ('Your Authorization'). For instance, you will need to execute
an authorization form before we can send your PHI to your life insurance
company or to the attorney representing the other party in litigation
in which you are involved.
We must also obtain your written authorization ('Your Marketing Authorization')
prior to using your PHI to send you any marketing materials. (We can,
however, provide you with marketing materials in a face-to-face encounter
without obtaining Your Marketing Authorization. We are also permitted
to give you a promotional gift of nominal value, if we so choose, without
obtaining Your Marketing Authorization.) In addition, we may communicate
with you about products or services relating to your treatment, case management
or care coordination, or alternative treatments, therapies, providers
or care settings without Your Marketing Authorization.
Uses and Disclosures of Your Highly Confidential Information.
In addition, federal and state law requires special privacy protections
for certain highly confidential information about you, including the subset
of your PHI that:
(1) is maintained in psychotherapy notes;
(2) is about mental health and developmental disabilities services;
(3) is about alcohol and drug abuse prevention, treatment, and referral;
(4) is about HIV/AIDS testing, diagnosis or treatment;
(5) is about communicable disease(s);
(6) is about genetic testing;
(7) is about child abuse and neglect;
(8) is about domestic and elder abuse or
(9) is about sexual assault. In order for us to disclose your highly confidential
information for a purpose other than those permitted by law, we must obtain
your written authorization. In accordance with federal and California
law, there are specific situations in which highly confidential information
may be released without the patient’s authorization:
Substance Abuse Information May Be Released in the Following Situations:
- Program Personnel: Communication of information between or among personnel
who need such information to diagnose, treat, or refer for treatment of
alcohol or drug abuse, if the communications are within a program or between
a program and an entity that has direct administrative control over the program.
- Qualified Service Organizations: Communications between a program and a
qualified service organization of information needed by the organization
to provide services to the program
- Crimes on Program Premises or Against Program Personnel: Communications
from program personnel to law enforcement officers that are directly related
to a patient’s commission of a crime on program premises or against
program personnel or to a threat to commit such crime and are limited
to the circumstances of the incidents.
- Child Abuse Reports: Reports of suspected child abuse and neglect under
California law to the appropriate authorities.
- Veterans Administration and Armed Forces: Certain exceptions apply to records
and information maintained by the Veterans’ Administration and Armed Forces.
- Medical Emergencies: Information may be disclosed to medical personnel
who need the information to treat a condition which poses an immediate
threat to the health of any individual and which requires immediate medical
- Research Activities: Information may be disclosed for the purpose of conducting
scientific research if the program director determines that the recipient
of the patient-identifiable information is qualified to conduct the research
and has a research protocol under which the patient identifiable information
will be maintained in accordance with specified security requirements
under the regulations.
- Audit and Evaluation Activities: Information may be disclosed for audit
by an appropriate federal, state or local governmental agency that provides
financial assistance to the program or is authorized by law to regulate
its activities; a third party payer covering patients in the program;
a private person or entity that provides financial assistance to the program;
a peer review organization performing utilization or quality control review;
or an entity authorized to conduct a Medicare or Medicaid audit or evaluation.
Reports of Suspected Child Abuse or Neglect and Information Contained Therein
May Be Disclosed Only To:
- Law enforcement.
- Child welfare agency.
- Licensing agency (the state agency responsible for licensing the agency
Reports of Elder and Dependent Adult Abuse May Be Disclosed Only in the
- Information relevant to the incident of elder or dependent adult abuse
may be given to an investigator from an adult protective services agency,
a local law enforcement agency, the Bureau of Medi-Cal fraud, or investigators
from the Department of Consumer Affairs, Division of Investigation who
are investigating the known or suspected case of elder or dependent adult abuse.
- Persons who are trained and qualified to serve on multi-disciplinary personnel
teams may disclose to one another information and records that are relevant
to the prevention, identification, or treatment of abuse of elderly or
- The health care provider may disclose medical information pursuant to the
Confidentiality of Medical Information Act.
- The health care provider may disclose mental health information pursuant
to California law.
- Information from elder abuse reports and investigations, except for the
identity of persons who have made reports.
- Information pertaining to reports by health practitioners of persons suffering
from physical injuries inflicted by means of a firearm or of persons suffering
physical injury where the injury is a result of assaultive or abusive conduct.
- Information protected by the physician-patient or psychotherapist patient
HIV Test Results May Be Disclosed to the Following Persons Without the
Written Authorization of the Subject of the Test:
- To the subject of the test or the subject’s legal representative,
conservator, or to any person authorized to consent to the act.
- To a test subject’s provider of health care, as defined by California law.
- To an agent or employee of the test subject’s provider of health
care who provides direct patient care and treatment.
- To a provider of health care who procures, processes, distributes or uses
a human body part donated pursuant to the Uniform Anatomical Gift Act.
- To the designated officer of an emergency response employee (as those terms
are used in the Ryan White Comprehensive AIDS Resources Emergency Act of 1990).
- To a procurement organization, a coroner, or a medical examiner in conjunction
with organ donation.
- To a health care worker who has been exposed to the potentially infectious
materials of a patient provided that strict procedures for testing and
consent are followed.
- To specified categories of persons, where the test has been performed on
a criminal defendant pursuant to California law.
- To an officer in charge of adult correctional or juvenile detention facilities
that an inmate or minor at such facility has been exposed or infected
by the AIDS virus or has an AIDS-related condition or other communicable disease.
- Health care facilities and clinics must establish administrative procedures
to assure that reports are made to the local health officer.
- Where no health care provider is in attendance, any individual having knowledge
of a person who is suspected to have a disease reportable under California
law, may make a report to the local health officer for the jurisdiction
in which the patient resides.
- Disease notifications must include, if known, the following information:
the name of the disease or condition; the date of onset; the date of diagnosis;
the name, address, telephone number, occupation, race/ethnic group, social
security number, sex, age, and the date of birth of the patient; the date
of death when applicable; and the name, address and telephone number of
the person making the report.
Release of Mental Health and Developmental Disability Information Requires
the Written Authorization of the Patient Only to the Persons Listed Below:
- The patient’s attorney, upon presentation of release of information
authorization signed by the patient. If the patient is unable to sign,
the facility may release records to the attorney, if the staff has determined
that the attorney represents the interests of the patient.
- A person designated by the patient, provided the professional in charge
of the patient gives approval; patient consent is not required.
- A person designated in writing by a patient's parent, guardian, conservator,
or guardian ad litem if the patient is a minor, ward or conservatee; patient’s
consent is not required.
- A professional person who does not have the medical or psychological responsibility
for the patient’s care and who is not employed by the facility that
maintains the record.
- A life or disability insurer provided the patient designates the insurer
- A qualified physician or psychiatrist who represents an employer to which
the patient has applied for employment unless the physician or administrative
officer responsible for the care of the patient deems the release contrary
to the best interests of the patient.
- A probation officer charged with the evaluation of a person after his or
her conviction of a crime if the person has been previously confined in,
or otherwise treated by, a facility.
- An applicant for, or recipient of, services from the state Department of
Developmental Services (or the person’s authorized representative)
for the purpose of appealing an adverse eligibility or benefits decision.
- A county patients’ rights advocate upon presentation of written authorization,
signed by the patient who is the advocate's 'client' or by
the 'client's' guardian ad litem.
Your Rights Regarding Your Protected Health Information
For Further Information /Complaints.
If you desire further information about your privacy rights, are concerned
that we have violated your privacy rights or disagree with a decision
that we made about access to your PHI, you may contact our Privacy Office.
You may also file written complaints with the Director, Office for Civil
Rights of the U.S. Department of Health and Human Services. Upon request,
the Privacy Office will provide you with the correct address for the Director.
We will not retaliate against you if you file a complaint with us or the Director.
Right to Request Additional Restrictions.
You may request restrictions on our use and disclosure of your PHI
(1) for treatment, payment and health care operations,
(2) to individuals (such as a family member, other relative, close personal
friend or any other person identified by you) involved with your care
or with payment related to your care, or
(3) to notify or assist in the notification of such individuals regarding
your location and general condition. While we will consider all requests
for additional restrictions carefully, we are not required to agree to
a requested restriction. If you wish to request additional restrictions,
please obtain a request form from the Health Information Management (H.I.M.)
Director and submit the completed form to the H.I.M. Director. We will
send you a written response.
Right to Receive Confidential Communications.
You may request, and we will accommodate, any reasonable written request
for you to receive your PHI by alternative means of communication or at
Right to Revoke Your Authorization.
You may revoke your authorization, your marketing authorization or any
written authorization obtained in connection with your highly confidential
information, except to the extent that we have taken action in reliance
upon it, by delivering a written revocation statement to the H.I.M. Director
Right to Inspect and Copy Your Health Information.
You may request access to your medical record file and billing records
maintained by us in order to inspect and request copies of the records.
Under limited circumstances, we may deny you access to a portion of your
records. You should take note that, if you are a parent or legal guardian
of a minor, certain portions of the minor’s medical record will
not be accessible to you (for example, records pertaining to health care
services for which the minor can lawfully give consent and therefore for
which the minor has the right to inspect or obtain copies of the record
(i.e. abortion or mental health treatment); or the health care provider
determines, in good faith, that access to the patient records requested
by the representative would have a detrimental effect on the provider’s
professional relationship with the minor patient or on the minor’s
physical safety or psychological well-being. If you desire access to your
records, please obtain a record request form from the Medical Records
Office and submit the completed form to the Medical Records Office. If
you request copies, we will charge you twenty-five cents ($0.25) for each
page copied and the actual costs for clerical time and copies of x-rays
and EEG, ECG and EMG tracings. We will also charge you for our postage
costs, if you request that we mail the copies to you.
Right to Amend Your Records.
You have the right to request that we amend Protected Health Information
maintained in your medical record file or billing records. If you desire
to amend your records, please obtain an amendment request form from the
Medical Records Office and submit the completed form to the Medical Records
Office. We will comply with your request unless we believe that the information
that would be amended is accurate and complete or other special circumstances apply.
Right to Receive an Accounting of Disclosures.
Upon request, you may obtain an accounting of certain disclosures of your
PHI made by us during any period of time prior to the date of your request
provided such period does not exceed six years and does not apply to disclosures
that occurred prior to April 14, 2003. If you request an accounting more
than once during a twelve (12) month period, we will charge you the actual
costs of the preparing of the accounting statement for each subsequent request.
Notification of Unlawful or Unauthorized Access, Use, or Disclosure.
In the event of an unlawful or unauthorized access, use or disclosure of
your Protected Health Information in violation of the California Confidentiality
of Medical Information Act and related privacy laws occurs, reasonable
efforts will be undertaken to advise you of the same within five (5) days
of the detection by the Hospital of any such breach of privacy.
Right to Receive Paper Copy of this Notice.
Upon request, you may obtain a paper copy of this Notice, even if you have
agreed to receive such notice electronically.
Effective Date and Duration of This Notice
This notice is effective on April 14, 2003.
Right to Change Terms of this Notice.
We may change the terms of this notice at any time. If we change this notice,
we may make the new notice terms effective for all Protected Health Information
that we maintain, including any information created or received prior
to issuing the new notice. If we change this notice, we will post the
new notice in waiting areas around the Hospital and on our Internet web site at
www.redlandshospital.org. You also may obtain any new notice by contacting the Privacy Office.
You may contact the Privacy Officer at:
Redlands Community Hospital
350 Terracina Boulevard
Redlands CA 92373
Telephone: (909) 478-3524