Notice of RCH Privacy Practices

This notice describes how medical information about you may be used and disclosed and how to get access to this information. Please review it carefully.

  1. Who We Are

    This notice describes the privacy practices of Redlands Community Hospital (the Hospital), including members of its workforce, the physician members of the medical staff, and allied health professionals who practice at the Hospital. The Hospital and the individual health care providers together are sometimes called us or we in this notice. While we engage in many joint activities and provide services in a clinically integrated care setting, we each are separate legal entities. This notice applies to services furnished to you at 350 Terracina Boulevard, Redlands, California as a Hospital inpatient or outpatient.

  2. Our Privacy Obligations

    Each of us is required by law to maintain the privacy of your health information (Protected Health Information or PHI) and to provide you with this Notice of our legal duties and privacy practices with respect to your Protected Health Information. When we use or disclose your Protected Health Information, we are required to abide by the terms of this notice (or other notice in effect at the time of the use or disclosure).

  3. Permissible Uses and Disclosures Without Your Written Authorization

    In certain situations, which we will describe in Section IV, we must obtain your written authorization in order to use and/or disclose your PHI. However, we do not need any type of authorization from you for the following uses and disclosures:

    1. Uses and Disclosures for Treatment Payment and Health Care Operations.

      We may use and disclose PHI, but not your 'highly confidential information' (defined in Section IV.C), in order to treat you, obtain payment for services provided to you and conduct our health care operations as detailed below:

      • Treatment

        We use and disclose your PHI to provide treatment and other services to you. For example, to diagnose and treat your injury or illness. In addition, we may contact you to provide appointment reminders or information about treatment alternatives or other health-related benefits and services that may be of interest to you. We may also disclose PHI to other providers involved in your treatment.

      • Payment

        We may use and disclose your PHI to obtain payment for services that we provide to you. For example, disclosures to claim and obtain payment from your health insurer, HMO, or other company that arranges or pays the cost of some or all of your health care (your 'Payor') to verify that your payor will pay for health care.

      • Health Care Operations

        We may use and disclose your PHI for our health care operations, which include internal administration and planning and various activities that improve the quality and cost effectiveness of the care that we deliver to you. For example, we may use PHI to evaluate the quality and competence of our physicians, nurses and other health care workers. We may disclose PHI to our Privacy Office Risk Management Officer in order to resolve any complaints you may have and ensure that you have a comfortable visit with us.

      We may also disclose PHI to your other health care providers when such PHI is required for them to treat you, receive payment for services they render to you, or conduct certain health care operations, such as quality assessment and improvement activities, reviewing the quality and competence of health care professionals, or for health care fraud and abuse detection or compliance. In addition, we may share PHI with our business associates who perform treatment, payment and health care operations services on our behalf.

    2. Use or Disclosure for Directory of Individuals in the Hospital.

      We may include your name, location in the hospital, general health condition and religious affiliation in a patient directory without obtaining your authorization unless you object to inclusion in the directory or are located in a specific ward, wing or unit where the identification of which would reveal that you are receiving treatment for mental health and developmental disabilities. Information in the directory may be disclosed to anyone who asks for you by name or members of the clergy; provided, however, that religious affiliation will only be disclosed to members of the clergy.

    3. Disclosure to Relatives, Close Friends and Other Caregivers.

      We may use or disclose your PHI to a family member, other relative, a close personal friend or any other person identified by you when you are present for, or otherwise available prior to, the disclosure, if we (1) obtain your agreement; (2) provide you with the opportunity to object to the disclosure and you do not object; or (3) reasonably infer that you do not object to the disclosure. If you are not present, or the opportunity to agree or object to a use or disclosure cannot practicably be provided because of your incapacity or an emergency circumstance, we may exercise our professional judgment to determine whether a disclosure is in your best interests. If we disclose information to a family member, other relative or a close personal friend, we would disclose only information that we believe is directly relevant to the person’s involvement with your health care or payment related to your health care. We may also disclose your PHI in order to notify (or assist in notifying) such persons of your location or general condition.

    4. Public Health Activities.

      We may disclose your PHI for the following public health activities: (1) to report health information to public health authorities for the purpose of preventing or controlling disease, injury or disability; (2) to report child abuse and neglect to public health authorities or other government authorities authorized by law to receive such reports; (3) to report information about products and services under the jurisdiction of the U.S. Food and Drug Administration; (4) to alert a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading a disease or condition; and (5) to report information to your employer as required under laws addressing work-related illnesses and injuries or workplace medical surveillance.

    5. Victims of Abuse, Neglect or Domestic Violence.

      If we reasonably believe you are a victim of abuse, neglect or domestic violence, we may disclose your PHI to a governmental authority, including a social service or protective services agency, authorized by law to receive reports of such abuse, neglect, or domestic violence.

    6. Health Oversight Activities.

      We may disclose your PHI to a health oversight agency that oversees the health care system and is charged with responsibility for ensuring compliance with the rules of government health programs such as Medicare or Medicaid.

    7. Judicial and Administrative Proceedings.

      We may disclose your PHI in the course of a judicial or administrative proceeding in response to a legal order or other lawful process.

    8. Law Enforcement Officials.

      We may disclose your PHI to the police or other law enforcement officials as required or permitted by law or in compliance with a court order or a grand jury or administrative subpoena.

    9. Decedents.

      We may disclose your PHI to a coroner or medical examiner as authorized by law.

    10. Organ and Tissue Procurement.

      We may disclose your PHI to organizations that facilitate organ, eye or tissue procurement, banking or transplantation.

    11. Research.

      We may use or disclose your PHI without your consent or authorization if our Institutional Review Board approves a waiver of authorization for disclosure.

    12. Health or Safety.

      We may use or disclose your PHI to prevent or lessen a serious and imminent threat to a person’s or the public’s health or safety.

    13. Specialized Government Functions.

      We may use and disclose your PHI to units of the government with special functions, such as the U.S. military or the U.S. Department of State under certain circumstances.

    14. Workers Compensation.

      We may disclose your PHI as authorized by and to the extent necessary to comply with California law relating to workers compensation or other similar programs.

    15. As Required by Law.

      We may use and disclose your PHI when required to do so by any other law not already referred to in the preceding categories.

  4. Uses and Disclosure Requiring Your Written Authorization
    1. Use or Disclosure with Your Authorization.

      For any purpose other than the ones described above in Section III, we only may use or disclose your PHI when you grant us your written authorization on our authorization form ('Your Authorization'). For instance, you will need to execute an authorization form before we can send your PHI to your life insurance company or to the attorney representing the other party in litigation in which you are involved.

    2. Marketing.

      We must also obtain your written authorization ('Your Marketing Authorization') prior to using your PHI to send you any marketing materials. (We can, however, provide you with marketing materials in a face-to-face encounter without obtaining Your Marketing Authorization. We are also permitted to give you a promotional gift of nominal value, if we so choose, without obtaining Your Marketing Authorization.) In addition, we may communicate with you about products or services relating to your treatment, case management or care coordination, or alternative treatments, therapies, providers or care settings without Your Marketing Authorization.

    3. Uses and Disclosures of Your Highly Confidential Information.

      In addition, federal and state law requires special privacy protections for certain highly confidential information about you, including the subset of your PHI that: (1) is maintained in psychotherapy notes; (2) is about mental health and developmental disabilities services; (3) is about alcohol and drug abuse prevention, treatment, and referral; (4) is about HIV/AIDS testing, diagnosis or treatment; (5) is about communicable disease(s); (6) is about genetic testing; (7) is about child abuse and neglect; (8) is about domestic and elder abuse or (9) is about sexual assault. In order for us to disclose your highly confidential information for a purpose other than those permitted by law, we must obtain your written authorization. In accordance with federal and California law, there are specific situations in which highly confidential information may be released without the patient’s authorization:

      1. Substance Abuse Information May Be Released in the Following Situations:
        • Program Personnel: Communication of information between or among personnel who need such information to diagnose, treat, or refer for treatment of alcohol or drug abuse, if the communications are within a program or between a program and an entity that has direct administrative control over the program.
        • Qualified Service Organizations: Communications between a program and a qualified service organization of information needed by the organization to provide services to the program
        • Crimes on Program Premises or Against Program Personnel: Communications from program personnel to law enforcement officers that are directly related to a patient’s commission of a crime on program premises or against program personnel or to a threat to commit such crime and are limited to the circumstances of the incidents.
        • Child Abuse Reports: Reports of suspected child abuse and neglect under California law to the appropriate authorities.
        • Veterans Administration and Armed Forces: Certain exceptions apply to records and information maintained by the Veterans’ Administration and Armed Forces.
        • Medical Emergencies: Information may be disclosed to medical personnel who need the information to treat a condition which poses an immediate threat to the health of any individual and which requires immediate medical intervention.
        • Research Activities: Information may be disclosed for the purpose of conducting scientific research if the program director determines that the recipient of the patient-identifiable information is qualified to conduct the research and has a research protocol under which the patient identifiable information will be maintained in accordance with specified security requirements under the regulations.
        • Audit and Evaluation Activities: Information may be disclosed for audit by an appropriate federal, state or local governmental agency that provides financial assistance to the program or is authorized by law to regulate its activities; a third party payer covering patients in the program; a private person or entity that provides financial assistance to the program; a peer review organization performing utilization or quality control review; or an entity authorized to conduct a Medicare or Medicaid audit or evaluation.
      2. Reports of Suspected Child Abuse or Neglect and Information Contained Therein May Be Disclosed Only To:
        • Law enforcement.
        • Child welfare agency.
        • Licensing agency (the state agency responsible for licensing the agency in question).
      3. Reports of Elder and Dependent Adult Abuse May Be Disclosed Only in the Following Situations:
        • Information relevant to the incident of elder or dependent adult abuse may be given to an investigator from an adult protective services agency, a local law enforcement agency, the Bureau of Medi-Cal fraud, or investigators from the Department of Consumer Affairs, Division of Investigation who are investigating the known or suspected case of elder or dependent adult abuse.
        • Persons who are trained and qualified to serve on multi-disciplinary personnel teams may disclose to one another information and records that are relevant to the prevention, identification, or treatment of abuse of elderly or dependent adults.
        • The health care provider may disclose medical information pursuant to the Confidentiality of Medical Information Act.
        • The health care provider may disclose mental health information pursuant to California law.
        • Information from elder abuse reports and investigations, except for the identity of persons who have made reports.
        • Information pertaining to reports by health practitioners of persons suffering from physical injuries inflicted by means of a firearm or of persons suffering physical injury where the injury is a result of assaultive or abusive conduct.
        • Information protected by the physician-patient or psychotherapist patient privileges.
      4. HIV Test Results May Be Disclosed to the Following Persons Without the Written Authorization of the Subject of the Test:
        • To the subject of the test or the subject’s legal representative, conservator, or to any person authorized to consent to the act.
        • To a test subject’s provider of health care, as defined by California law.
        • To an agent or employee of the test subject’s provider of health care who provides direct patient care and treatment.
        • To a provider of health care who procures, processes, distributes or uses a human body part donated pursuant to the Uniform Anatomical Gift Act.
        • To the designated officer of an emergency response employee (as those terms are used in the Ryan White Comprehensive AIDS Resources Emergency Act of 1990).
        • To a procurement organization, a coroner, or a medical examiner in conjunction with organ donation.
        • To a health care worker who has been exposed to the potentially infectious materials of a patient provided that strict procedures for testing and consent are followed.
        • To specified categories of persons, where the test has been performed on a criminal defendant pursuant to California law.
        • To an officer in charge of adult correctional or juvenile detention facilities that an inmate or minor at such facility has been exposed or infected by the AIDS virus or has an AIDS-related condition or other communicable disease.
      5. Communicable Diseases:
        • Health care facilities and clinics must establish administrative procedures to assure that reports are made to the local health officer.
        • Where no health care provider is in attendance, any individual having knowledge of a person who is suspected to have a disease reportable under California law, may make a report to the local health officer for the jurisdiction in which the patient resides.
        • Disease notifications must include, if known, the following information: the name of the disease or condition; the date of onset; the date of diagnosis; the name, address, telephone number, occupation, race/ethnic group, social security number, sex, age, and the date of birth of the patient; the date of death when applicable; and the name, address and telephone number of the person making the report.
      6. Release of Mental Health and Developmental Disability Information Requires the Written Authorization of the Patient Only to the Persons Listed Below:
        • The patient’s attorney, upon presentation of release of information authorization signed by the patient. If the patient is unable to sign, the facility may release records to the attorney, if the staff has determined that the attorney represents the interests of the patient.
        • A person designated by the patient, provided the professional in charge of the patient gives approval; patient consent is not required.
        • A person designated in writing by a patient's parent, guardian, conservator, or guardian ad litem if the patient is a minor, ward or conservatee; patient’s consent is not required.
        • A professional person who does not have the medical or psychological responsibility for the patient’s care and who is not employed by the facility that maintains the record.
        • A life or disability insurer provided the patient designates the insurer in writing.
        • A qualified physician or psychiatrist who represents an employer to which the patient has applied for employment unless the physician or administrative officer responsible for the care of the patient deems the release contrary to the best interests of the patient.
        • A probation officer charged with the evaluation of a person after his or her conviction of a crime if the person has been previously confined in, or otherwise treated by, a facility.
        • An applicant for, or recipient of, services from the state Department of Developmental Services (or the person’s authorized representative) for the purpose of appealing an adverse eligibility or benefits decision.
        • A county patients’ rights advocate upon presentation of written authorization, signed by the patient who is the advocate's 'client' or by the 'client's' guardian ad litem.
  5. Your Rights Regarding Your Protected Health Information
    1. For Further Information /Complaints.

      If you desire further information about your privacy rights, are concerned that we have violated your privacy rights or disagree with a decision that we made about access to your PHI, you may contact our Privacy Office. You may also file written complaints with the Director, Office for Civil Rights of the U.S. Department of Health and Human Services. Upon request, the Privacy Office will provide you with the correct address for the Director. We will not retaliate against you if you file a complaint with us or the Director.

    2. Right to Request Additional Restrictions.

      You may request restrictions on our use and disclosure of your PHI (1) for treatment, payment and health care operations, (2) to individuals (such as a family member, other relative, close personal friend or any other person identified by you) involved with your care or with payment related to your care, or (3) to notify or assist in the notification of such individuals regarding your location and general condition. While we will consider all requests for additional restrictions carefully, we are not required to agree to a requested restriction. If you wish to request additional restrictions, please obtain a request form from the Health Information Management (H.I.M.) Director and submit the completed form to the H.I.M. Director. We will send you a written response.

    3. Right to Receive Confidential Communications.

      You may request, and we will accommodate, any reasonable written request for you to receive your PHI by alternative means of communication or at alternative locations.

    4. Right to Revoke Your Authorization.

      You may revoke your authorization, your marketing authorization or any written authorization obtained in connection with your highly confidential information, except to the extent that we have taken action in reliance upon it, by delivering a written revocation statement to the H.I.M. Director identified below.

    5. Right to Inspect and Copy Your Health Information.

      You may request access to your medical record file and billing records maintained by us in order to inspect and request copies of the records. Under limited circumstances, we may deny you access to a portion of your records. You should take note that, if you are a parent or legal guardian of a minor, certain portions of the minor’s medical record will not be accessible to you (for example, records pertaining to health care services for which the minor can lawfully give consent and therefore for which the minor has the right to inspect or obtain copies of the record (i.e. abortion or mental health treatment); or the health care provider determines, in good faith, that access to the patient records requested by the representative would have a detrimental effect on the provider’s professional relationship with the minor patient or on the minor’s physical safety or psychological well-being. If you desire access to your records, please obtain a record request form from the Medical Records Office and submit the completed form to the Medical Records Office. If you request copies, we will charge you twenty-five cents ($0.25) for each page copied and the actual costs for clerical time and copies of x-rays and EEG, ECG and EMG tracings. We will also charge you for our postage costs, if you request that we mail the copies to you.

    6. Right to Amend Your Records.

      You have the right to request that we amend Protected Health Information maintained in your medical record file or billing records. If you desire to amend your records, please obtain an amendment request form from the Medical Records Office and submit the completed form to the Medical Records Office. We will comply with your request unless we believe that the information that would be amended is accurate and complete or other special circumstances apply.

    7. Right to Receive an Accounting of Disclosures.

      Upon request, you may obtain an accounting of certain disclosures of your PHI made by us during any period of time prior to the date of your request provided such period does not exceed six years and does not apply to disclosures that occurred prior to April 14, 2003. If you request an accounting more than once during a twelve (12) month period, we will charge you the actual costs of the preparing of the accounting statement for each subsequent request.

    8. Notification of Unlawful or Unauthorized Access, Use, or Disclosure.

      In the event of an unlawful or unauthorized access, use or disclosure of your Protected Health Information in violation of the California Confidentiality of Medical Information Act and related privacy laws occurs, reasonable efforts will be undertaken to advise you of the same within five (5) days of the detection by the Hospital of any such breach of privacy.

    9. Right to Receive Paper Copy of this Notice.

      Upon request, you may obtain a paper copy of this Notice, even if you have agreed to receive such notice electronically.

  6. Effective Date and Duration of This Notice
    1. Effective Date.

      This notice is effective on April 14, 2003.

    2. Right to Change Terms of this Notice.

      We may change the terms of this notice at any time. If we change this notice, we may make the new notice terms effective for all Protected Health Information that we maintain, including any information created or received prior to issuing the new notice. If we change this notice, we will post the new notice in waiting areas around the Hospital and on our Internet web site at www.redlandshospital.org. You also may obtain any new notice by contacting the Privacy Office.

  7. Privacy Office

    You may contact the Privacy Officer at:
    Privacy Office
    Redlands Community Hospital
    350 Terracina Boulevard
    Redlands CA 92373
    Telephone: (909) 478-3524
    E-mail: Privacy.Officer@redlandshospital.org