Rochester RHIO Privacy Notice
Effective: September 10, 2018
Updated: December 7, 2020
At Rochester RHIO, we are committed to protecting your information as well as the privacy of patients. Rochester RHIO uses and discloses PHI lawfully, fairly and in a transparent manner. For more information, refer to the Privacy & Security Policies & Procedures for QEs in New York State.
- The RHIO may use and/or disclose your PHI for purposes related to your care, payment for your care, and health care operations. The following are examples of the types of uses and/or disclosures of your PHI that may occur. These examples are not meant to include all possible types of use and/or disclosure.
(a) Care – To provide, coordinate and manage your care. The RHIO will allow access to your PHI to those health care professionals, directly involved in your care so that they may understand your medical condition and needs and provide advice or treatment (e.g., a specialist or laboratory). For example, a physician treating you for a condition such as arthritis may need to know what medications have been prescribed for you.
(b) Payment – The RHIO may provide your PHI, directly or through a billing service, to appropriate third party payors, pursuant to their billing and payment requirements. For example, the RHIO may need to provide your health insurance carrier with information about health care services that you received so that providers can be properly reimbursed.
(c) Health Care Operations – In order to operate in accordance with applicable law and insurance requirements and in order to provide quality and efficient care, it may be necessary to compile, use and/or disclose your PHI. AUTHORIZATION NOT REQUIRED.
- The RHIO may use and/or disclose your PHI, without a written Authorization or Consent from you, in the following normal situations:
(a) De-identified Information – If your PHI is altered so that it does not identify you and, even without your name, cannot be used to identify you.
(b) Business Associate – To a business associate, which is someone who the RHIO contracts with to provide a service necessary for your treatment, payment for your treatment and health care operations (e.g., billing service or transcription service). The RHIO will obtain satisfactory written assurance, in accordance with applicable law, that the business associate will appropriately safeguard your PHI.
(c) To You or a Personal Representative – To you, or a person who, under applicable law, has the authority to represent you in making decisions related to your health care.
- The RHIO may use and/or disclose your PHI, without a written Authorization from you, in the following special situations:
(a) Public Health Activities - Such activities include, for example, information collected by a public health authority, as authorized by law, to prevent or control disease, injury or disability. This includes reports of child abuse or neglect.
(b) Health Oversight Activities - Such activities, which must be required by law, involve government agencies involved in oversight activities that relate to the health care system, government benefit programs, government regulatory programs and civil rights law. Those activities include, for example, criminal investigations, audits, disciplinary actions, or general oversight activities relating to the community's health care system.
(c) Judicial and Administrative Proceeding - For example, the RHIO may be required to disclose your PHI in response to a court order or a lawfully issued subpoena.
(d) Law Enforcement Purposes - In certain instances, your PHI may have to be disclosed to a law enforcement official for law enforcement purposes. Law enforcement purposes include: (1) complying with a legal process (i.e., subpoena) or as required by law; (2) information for identification and location purposes (e.g., suspect or missing person); (3) information regarding a person who is or is suspected to be a crime victim; (4) in situations where the death of an individual may have resulted from criminal conduct; (5) in the event of a crime occurring on the premises of the RHIO; and (6) a medical emergency (not on the RHIOs premises) has occurred, and it appears that a crime has occurred.
(e) Organ, Eye or Tissue Donation - If you are an organ donor, the Practice may disclose your PHI to the entity to whom you have agreed to donate your organs.
- Rochester RHIO provides for individual complaints concerning its privacy policies and procedures or its compliance with such policies and procedures. If you have a question, concern, or complaint regarding Rochester RHIO's privacy policies and procedures, contact us immediately via telephone at 1-877-865-RHIO or email email@example.com. Rochester RHIO responds to complaints, concerns, and questions from individuals within 10 business days.
For questions or concerns regarding Rochester RHIO's Audit Policy, go to rochesterrhio.org/ForPatients to learn more about how you can request a free Audit Report.
- Rochester RHIO employs secure mechanisms to ensure that PHI and PII are disposed of in a secure manner.
- Individiduals do not have the ability to consent to specific uses of thier information (PII/PHI) outside of the specific consent forms Rochester RHIO utilizes community-wide. For more information on patient consent, go to https://rochesterrhio.org/ForPatients.
- Rochester RHIO has authority to gather PHI and PII because it is a Qualified Entity of the State of New York. For more information on the New York State policies that govern this, refer to Section 1.2.5, of the New York Privacy and Security Policies and Procedures for QEs and Participants.
Section 1.2.5 Converting Data. Affirmative Consent shall not be required for the conversion of paper patient medical records into electronic form or for the uploading of Protected Health Information from the records of a Data Supplier to a QE, provided that (i) the QE is serving as the Data Supplier’s Business Associate (as defined in 45 C.F.R. § 160.103) and (ii) the QE does not Disclose the information until Affirmative Consent is obtained, except as otherwise permitted in these Policies and Procedures.
Rochester RHIO provides effective notice to the public and to individuals regarding:
- Its activities that impact privacy, including its collection, use, sharing, safeguarding, maintenance, and disposal of PII;
- Authority for collecting PII;
- The choices, if any, individuals may have regarding how the organization uses PII and the consequences of exercising or not exercising those choices; and
- The ability to access and have PII amended or corrected if necessary.
- Rochester RHIO revises its public notices to reflect changes in practice or policy that affect PII /PHI or changes in its activities that impact privacy, before, or as soon as practible after the change.
Website Privacy Practices
- What personally identifiable information is collected from you through the website, how it is used and with whom it may be shared.
- What choices are available to you regarding the use of your data.
- The security procedures in place to protect the misuse of your information.
- How you can correct any inaccuracies in the information.
Information Collection, Use, and Sharing
Your Access to and Control Over Information
- See what data we have about you, if any.
- Change/correct any data we have about you.
- Have us delete any data we have about you.
- Express any concern you have about our use of your data.
Website Terms & Conditions of Use
Content Reuse and Linking
The pages on the Rochester RHIO website (RochesterRHIO.org and grrhio.org) are copyrighted and are the property of the Rochester RHIO. No material may be copied from our site and posted on another site or published in any print source without our explicit permission and with full attribution (citation) as provided by us. However, we are a collaborative organization and we encourage others to link to our site freely. As a courtesy, we would appreciate learning of any new links to our site. Please send notification to the Communications Manager.
Links to Other Sites
Information provided on this website is intended to allow the public access to information. While all attempts are made to provide accurate, current, and reliable information, the Rochester RHIO recognizes the possibility of human and/or mechanical error. Therefore, the Rochester RHIO, its employees, officers, agents and agencies make no representations as to the accuracy, completeness, currency, or suitability of the information provided by this website, and deny any expressed or implied warranty as to the same.