PRIVACY- About the Office
Our Privacy Mission
The mission of the Privacy Office is to ensure institutional compliance with federal and state privacy regulations, as well as industry standards, for restricted information; and to provide centralized resources, oversight and enforcement for privacy-related activities. O.C.H.F. Privacy Organization Chart
Our Core Privacy Responsibilities:
1. To develop, implement, and maintain O.C.H.F. Privacy-focused policies, procedures and guidelines that comply with statutory mandates and industry regulations.
2. To deliver privacy-related training and to oversee privacy program monitoring and enforcement as required by privacy statutes and standards.
3. To serve as the central contact and investigation authority for privacy complaints, incidents, and breaches. To coordinate the privacy notifications when required.
4. To evaluate opportunities to reduce privacy risks and to execute program modifications that advance overall privacy compliance.
To coordinate O.C.H.F. medical records management and to provide consultation as O.C.H.F. clinics transition to electronic medical record systems.
The Scope of Privacy Regulation at O.C.H.F.- (Federal Statutes)
- Communications-related Statutes
- Children's Online Privacy Protection Act (COPPA)
- Electronic Communications Privacy Act
- Family Education Rights and Protection Act (FERPA)
- Federal Privacy Act of 1974
- Finance-related Statutes
- Fair Credit Reporting Act (FCRA)
- Financial Services Regulatory Relief Act of 2006
- Indian Health Service Direct Care & Contract Health Service Protocol
- Health-related Statutes
- Right to Financial Privacy Act
- Americans with Disabilities Act
- Federal Substance Abuse Record Confidentiality
- Health Insurance Portability & Accountability Act (HIPAA) for Owyhee Community Health Facility and Affiliated Covered Entities / medical components; Benefit and Disability Plans.
- Veterans' Administration Medical Center
- Business Associates
- Patriot Act
Patient and Visitor INFORMATION
What is HIPAA?
HIPAA is the Health Insurance Portability and Accountability Act. There are three main components to the regulations: transaction code sets, security and privacy. The privacy regulations went into effect in 1996, Public Law 104-191, included "Administrative Simplification" provisions that required HHS to adopt national standards for electronic health care transactions.
How is Owyhee Community Health Facility complying with HIPAA?
We already do a lot of things to protect patient information at O.C.H.F., but are expanding on these policies and procedures. Every associate has received basic HIPAA training focusing on confidentiality. All staff received more information about specific policies and how to be compliant, including individual department training. It is mandatory that all associates complete training.
Who is responsible for following HIPAA guidelines?
Who is responsible for following HIPAA guidelines? Every O.C.H.F. Health Systems associate, all physicians, volunteers, and business associates must follow the regulations to protect patient information. There are criminal and civil penalties for non-complilance, such as significant fines, loss of employment and even imprisonment. We all have a responsibility to protect patient privacy.
How are things changing?
O.C.H.F. has always taken measures to ensure patient privacy. Many of the policies are an expansion of our current practices. It is everyone's responsibility to protect patient privacy.
What is the Privacy Notice?
A Privacy Notice has been created by O.C.H.F. Health Systems to explain to a patient how their information is used. During the regulation process, every patient will sign a form acknowledging receipt of the policy. The Privacy Notice is available in every waiting room/registration area and on our website. Posters are visible throughout the Clinic. Click here to view our Privacy Notice
What is a Release of Information?
We also have a link to our Release of Information form, which must be signed by you as the patient or your legal representative prior to any release of your medical information not otherwise required by law.
Each time you visit a hospital, physician, or healthcare provider, a record of your visit is made. Typically, this record contains your name, address and insurance information, your symptoms, examination and test results, diagnoses, treatment, and a plan for future care. this information is referred to as your medical information, medical record, or protected health information (PHI).
What is PHI?
Protected Health Information (PHI) is information that identifies a patient or links a patient to health care services received. They include personal identity, physical or mental health condition, type of care provided and payment of care.
We may share your medical information with physicians, nurses, students and other healthcare personnel who provide you with healthcare services or are involved in your care. We also provide copies of various reports that assist caregivers in treating you after your discharge from the hospital. We may also recommend treatment alternatives, tell you about health benefits and services we provide, or send appointment reminders. Sensitive information, such as substance abuse or mental health treatment or HIV test results, will not be released without your signed consent.
Can a patient restrict the use of their PHI?
Yes, there are times when patients can request a restriction of information. For example, patients can request that their information be excluded from the Clinic directory. There are other situations when patients can complete a request form to restrict information from their record.
What other rights do patients have under HIPAA?
- Patients have the right to request an amendment to their medical record, through the Privacy Officer.
- Patients have the right to request a complete listing of disclosures made from their medical record, including mandatory state reporting. Requests for this accounting of disclosures should be referred to the O.C.H.F. Health Information Services Department at 775-757-2415.
- Patients have the right to expect that only the minimum amount of information necessary will be shared for any requested purpose.
- Patients have a right to file a grievance with O.C.H.F. Clinic's Director of Quality.
- Requests that we use a specific telephone number or address to communicate with you.
- Receive a paper copy of this notice even if you receive it electronically.
- Request that we restrict how we use your medical information (we may not be able to comply with all requests).
- Inspect and copy your medical information (fees may apply).
- Request additions or corrections to your medical information.
- Receive an accounting of how your medical information was shared (excludes those uses for treatment, payment, healthcare management and required uses).
Confidentiality of Substance Abuse Records:
For individuals who have received treatment, diagnosis or referral for treatment from our drug or alcohol abuse programs, federal law and regulations protect the confidentiality of drug or alcohol abuse records. As a general rule, we may not tell a person outside the programs that you attend any of these programs, or disclose any information identifying you as an alcohol or drug abuser, unless:
- You authorize the disclosure in writing.
- The disclosure is permitted by a court order.
- The disclosure is made to medical personnel in a medical emergency or to qualified personnel for research, audit or program evaluation purposes.
- You threaten to commit a crime either at the drug abuse or alcohol program or against any person who works for our drug abuse or alcohol programs.
A violation by us of the federal law and regulations governing drug or alcohol abuse is a crime. suspected violations may be reported to the United States Attorney in the district where the violation occurs. Federal law and regulations governing confidentiality of drug or alcohol abuse permit us to report suspected child abuse or neglect under state law to appropriate state or local authorities. Please see 42 U.S.C. § 290dd-2 for federal law and 42 C.F.R., Part 2 for federal regulations governing confidentiality of alcohol and drug abuse patient records.
Non Retaliation for Filing a Complaint:
Owyhee Community Health Facility will not intimidate, threaten, coerce, discriminate, penalize, or take other retaliatory action against a patient/employee who exercises his/her rights under HIPAA or against any patient/employee who participates in a process governed by the HIPAA Privacy Regulations. This prohibition also applies to:
a. Individual and/or patient complaints filed with the Secretary of HHS
b. Testifying, assisting, or participating in an investigation, compliance review, proceeding, or hearing arising under the HIPAA Privacy Regulations; or
c. Opposing any act or practice of Owyhee Community Health Facility, provided the individual or patient, as appropriate, has a good faith belief that the practice opposed is unlawful, and the manner of opposition is reasonable and does not disclose PHI in violation of the HIPAA Privacy Regulations.
No patient or individual will be asked to waive his/her HIPAA rights, including the right to file a complaint about the use or disclosure of his/her PHI.
To Contact Us:
If you have further questions, would like more information regarding the privacy of your medical information, think we may have violated your privacy rights, or disagree with a decision we made about access to your medical information, contact us:
Privacy Officer, (775) 757-2415
All complaints will be thoroughly investigated and your care will not be adversely affected for filing a complaint. You may also file a written complaint with the individual(s) of the;
The Secretary, U.S. Department of Health and Human Services,
200 Independence Avenue SW,
Washington, D.C. 20201
If you have any further questions or concerns, please do not hesitate to contact us.
(Click the hyperlinks below to view/print as PDF's)