Notice of Privacy Practices
Effective Date: July 2017
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
OUR PLEDGE REGARDING YOUR MEDICAL INFORMATION:
This notice is intended to inform you about our practices related to the protection of your medical information. We are required by law to follow the terms of the notice that is currently in effect.
This notice will explain how we may use and disclose your medical information, our obligations related to the use and disclosure of that medical information, and your rights related to medical information we have and maintain about you. When we use the words “medical information,” we mean individually identifiable health information, known as protected health information or “PHI.” This notice applies to all such information about your past, present, or future health or conditions; genetic information; pharmacy and prescription records; the provision of health care services; and the payment for those health care services.
We may obtain, but we are not required to obtain, your consent for the use or disclosure of your medical information for treatment, payment, or health care operations. We are required to obtain your authorization for the use or disclosure of information for other specific purposes or reasons. We have listed some of the types of uses or disclosures below. Not every use or disclosure is covered, but all of the ways that we are allowed to use and disclose information will fall into one of the categories.
WHO WILL FOLLOW THIS NOTICE: CoxHealth facilities, departments, clinics and Affiliated Covered Entities, including but not limited to: Lester E. Cox Medical Centers; Ferrell-Duncan Clinic; SNI Imaging; Cox Medical Group; CoxHealth Pharmacy; Springfield Neurological and Spine Institute; Regional Services; Ozarks Dialysis; Oxford HealthCare; Cox HPS of the Ozarks, Inc.; Cox HealthPlans; Cox-Monett Hospital, Inc.; Cox Medical Center Branson; Medical Developments, Inc.; Cancer Research for the Ozarks; and any new corporate entity created or acquired by CoxHealth in the future. This Notice also applies to all employees, physicians, allied health professionals, contractors, medical staff credentialed providers, volunteers, and students conducting internships or clinical practice in our facilities. These individuals may share medical information as described in this Notice of Privacy Practices. These participants are hereinafter referred to collectively with the hospital as “CoxHealth”.
Your Rights -
When it comes to your medical information, you have the right to:Get an electronic or paper copy of your medical record and other health information. We will provide a copy or a summary of your health information, usually within 30 days of your request. We are allowed to charge a reasonable, cost-based fee for this service. Please contact the Health Information Management Department at (417) 269‑7647 for copies.
Ask us to correct or amend your medical record if you believe it to be incorrect or incomplete. We have the right to deny your request, but we will tell you why in writing within 60 days. Please contact Health Information Management for information on this process at (417) 269-7647.
Request confidential communications or ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address. We will agree to all such requests that are reasonable. Please let staff know if you have such a request.
Ask us not to use or share certain information. We are not required to agree to your request unless a law requires us to share that information. We may also deny the request if it would affect your care. In addition, if you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment with your health insurer. Please let the HIPAA Privacy and Security Officer know if you have such a request.
Get a list of those with whom we have shared your information (accounting of disclosures) for the 6 years prior to the date of your request, who we shared it with, and why. We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We will provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months. Please contact the HIPAA Privacy and Security Officer for an accounting of disclosures.
Promptly get a copy of this privacy notice in paper or electronic form upon request. Please contact the HIPAA Privacy and Security Officer for an additional copy of this notice or our website, www.coxhealth.com.
Choose someone to act for you, exercise your rights and make choices about your health information. We will make sure this person has legal authority to act on your behalf before we take any action. Please let registration, case management or care staff know if you have such a request.
Be notified. If there is a breach of unsecured PHI concerning you, we may be required to notify you of this breach, including what happened and what you can do to protect yourself.
File a complaint if you feel your privacy rights are violated by contacting the HIPAA Privacy and Security Officer. You can also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1‑877‑696‑6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/. We will not retaliate against you for filing a complaint.
Our Uses and Disclosures -
We typically use or share your medical information in the following ways:For Treatment. We can use your medical information and share it with other professionals who are treating you. For example:
- A doctor treating you for an injury asks another doctor about your overall health condition.
- A physician treating you needs to look at your information to see what drugs you are allergic to before prescribing medication.
- Departments or entities throughout CoxHealth may share your medical information to coordinate your care or to provide your physician or a subsequent health care provider with copies of various reports that will assist in treating you once you are discharged from care.
- We may share and receive prescription information with a prescription database utilized in electronically prescribing medications for your treatment, including reviewing and accessing prescriptions prescribed outside the CoxHealth system.
- We may use health information about you to manage your treatment and services within our hospitals and clinics.
- We may disclose your medical information to outside organizations or providers in order for them to provide services to you on our behalf, such as with a referral for care.
- We may use or disclose your medical information to evaluate our staff’s performance in caring for you or to combine it with that of other patients to allow us to evaluate whether CoxHealth should offer additional services, discontinue services or determine the effectiveness of services.
- We may give information about you to your health insurance plan so it will pay for your services.
- We may give information about you to our outside billing companies, collections agencies or other covered entities that have provided services to you on our behalf (such as ambulance service providers, Emergency Physicians of Springfield, Litton-Giddings Radiological Associates, Inc., Ozark Anesthesia Associates, Inc., and Pathology Services of Springfield, P.C.) so they can collect a payment from you. Please be aware that you may receive separate bills from these independent groups.
- We may disclose your medical information to a court of law in order to collect an unpaid account.
How else can we use or share your health information? We can also share your information in the following ways:
- To help with public health and safety issues. We can share health information about you for certain situations such as: preventing or notifying others about certain diseases; helping with product recalls; reporting adverse reactions to medications; reporting suspected abuse, neglect, or violence; in an emergency or disaster event; to a public health reporting authority; for health oversight activities such as audits, investigations, inspections and licensures; and for preventing or reducing a serious threat to anyone’s health or safety (any such disclosure would only be to someone able to help prevent the threat).
- For research.
- To comply with local, state, and federal law.
- To respond to organ and tissue donation requests.
- To work with a medical examiner, coroner or funeral director.
- To address workers’ compensation, criminal activity, law enforcement, and other government requests. We can use or share medical information about you for workers’ compensation claims; for law enforcement purposes or about inmates with a law enforcement official; with health oversight agencies for activities authorized by law; for determination by the Department of Veterans affairs for military or veteran eligibility for benefits; for special government functions such as military or national security; and presidential protective services.
- To respond to lawsuits, legal actions, administrative orders, or in response to a subpoena.
- Immunization records. We are required to obtain agreement, whether in writing or verbally, from a parent, guardian, or person acting in loco parentis prior to disclosing or providing proof of immunizations to an educational institution admitting a minor student. No separate written HIPAA authorization is required for this action by CoxHealth.
- Available Services. We may use or disclose your medical information to provide you with material or data about or recommendations of possible treatment options, alternatives, health benefits or services that may interest you, unless you tell us otherwise.
- Special Circumstances. In addition, CoxHealth reserves the right to allow your medical information to be de-identified and aggregated by CoxHealth or third parties in accordance with all applicable laws for uses such as research, public health activities, or other health care operations.
Your Choices -
For certain medical information, you can tell us your choices about what we share. For example:Facility Directories (Hospital patients only). A facility directory may include your name, your location in the facility, your general condition, and your religious affiliation (if provided by you). Unless you tell us otherwise, you will be included in the directory and information may be disclosed to people who ask for you by name. Unless you object, visiting community clergy or their designated staff may obtain your religious affiliation without asking for you by name. This can be prevented by not providing your religious affiliation or by affirmatively objecting. Be sure to let staff know of your preference.
Individuals Involved in your Care. We will only disclose your medical information to a member of your family, a relative, or any other person you identify and we will limit such information to that which directly relates to that person’s involvement in your care, unless you tell us otherwise. You will be asked to provide the names of these individuals. We are further permitted to make relevant disclosures to a deceased person’s family and friends under essentially the same circumstances such disclosures were permitted when the patient was alive as long as CoxHealth is unaware of an expressed preference to the contrary.
In an Emergency. Unless we know otherwise, we can use or disclose your medical information in an emergency situation. If this happens, we will try to obtain your permission as soon as reasonably practicable after the delivery of treatment or disclosure.
Appointment Reminders/Scheduling/Follow-up Calls. We may use and disclose medical information to contact you about an appointment, a referral visit, or to follow-up with you after a visit. For example, unless you tell us not to do so, we may leave a brief reminder on your answering machine or voicemail system about an appointment or procedure.
Fundraising Activities. We may use or disclose your demographic information, your health insurance status, general department of service information, treating physician information, outcome information and the dates you received treatment, as necessary, in order to contact you for fundraising activities supported by our organization. You have the right to opt out of such solicitations by notifying in writing the on-site Privacy Manager or the HIPAA Privacy and Security Officer.If you are not able to tell us your preferences in the above situations (for example, if you are unconscious), we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.
We may never share your information without permission for marketing purposes; any transaction in which CoxHealth receives direct or indirect financial remuneration in exchange for your medical information; or share psychotherapy notes with other providers.
Our Responsibilities -
We are required by law to maintain the privacy and security of your protected health information and to let you know promptly if a breach occurs that may have compromised the privacy or security of your information. We must follow the duties and privacy practices described in this notice and give you a copy of it.
We will not use or share your information other than as described here unless you tell us we can do so in writing. If you tell us we can, you may change your mind at any time by letting us know in writing. For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.
Changes to the Terms of this Notice. We can change the terms of this notice, and the changes will apply to all information we have about you. The new notice will be available upon request, in our clinics and facilities, and on our website, www.coxhealth.com.
If you have any questions about this Notice, please contact:
CoxHealth HIPAA Privacy and Security Officer
3801 South National Avenue
Springfield, Missouri 65807
Telephone: 417-269-6068 or 1-888-340-5297
The information on this web site is for informational purposes only, and is not intended to provide medical or other professional advice. If you suspect you may have a health problem, you should contact your health care provider for specific advice suitable to your situation.
Although CoxHealth makes reasonable efforts to provide accurate and complete information, we cannot guarantee the accuracy, completeness or usefulness of any information or materials contained on this web site. Visitors to this web site assume the risk of using any information or materials contained herein.
CoxHealth provides links to other web sites solely for the convenience of the visitors to our web site. CoxHealth takes no responsibility for the content or information contained on any other site, and does not recommend, endorse or approve any materials, products or services which may be available or advertised on any other site.
Visitors to our web site are advised that CoxHealth cannot guarantee the confidentiality and security of electronic mail submitted via the Internet.
CoxHealth reserves all rights to the information on this web site, including the right of distribution. Information on this web site may be protected under copyright laws.
As a user of this site, you take on certain risks and responsibilities. You also have the right to know how we protect your privacy and ensure your confidentiality and what you should expect from us.
Your Role, Responsibilities, and Risks
Pay special attention to your risks as a user. Web site users open themselves up to certain risks, such as data collection.
Understand how we collect data and how it is used. It is our goal to protect your personal information from misuse. We do, however, offer programs that collect data for special reasons, such as research, scientific studies, and statistics, in which case you may be interested in participating.
Be aware that use of this site, its services, programs, and the health information on it cannot replace nor is it intended to serve as a health care provider-patient relationship. You must always consult with a professional for diagnosis and treatment for specific health problems.
What You Should Expect From Us
It is our goal to ensure your trust and confidence by providing you with as much information as we can about data collection procedures and information when needed.
We will not intentionally use your data without your permission, unless for purposes of maintaining the site or for reviewing the site's use.
We will make every effort to notify you accordingly of all data collection practices.
It is our intention to clearly inform you when your risks or privacy may change during the course of using this site.
It is our goal to make you aware when you leave our site for another, either by telling you in writing or by another technical mechanism.
We want you to know that this system operates on a secure server and your personal and professional information and health-related personal information is encrypted before it is transmitted. Encryption is a form of scrambling and de-scrambling that ensures that no unauthorized person can see your information.
We will separate health information content from advertising and sponsorship programs so you can distinguish between the two.
Where health professionals may interact with consumers, we will make every effort to tell you if this establishes a patient-provider relationship and make available the credentials and qualifications of professionals.
We will not accept or show you health information content, advertising, sponsored programs, or services that we know to contain false or misleading information or that promote ineffective or dangerous products.
Our Security Measures
Although we make every reasonable effort to protect personal information and health-related personal information from loss, misuse, or alteration by third parties, you should be aware that there is always some risk involved in transmitting information via the Internet and that hackers or thieves do find ways to thwart security systems.
About the Information We Collect
We understand that the personal information and health-related personal information you provide during your visit to our site is highly sensitive and you may have concerns about sharing such information with us. It is our goal to protect your privacy and we strive to develop practices and policies to safeguard your personal and health-related personal information.
At different places on our site, you may be asked to volunteer your name, e-mail, address and telephone number. We refer to this type of information as "personal information" because it can be used to identify or contact you. When this information is combined with any information on your health or medical status, we refer to this information as "health-related personal information." We often collect information on site use that has nothing to do with you as an individual, only as an anonymous user of the site. We call this information "aggregate information." We intend to use the personal information, health-related personal information, and aggregate information only for the purposes for which it was provided.
Some personal information and health-related personal information is needed to use this site, and we ask that you provide it with the knowledge that it will be used to enhance your experience. This information is kept confidential. We do offer special data collection programs that you can "opt-in" to use, in some cases to receive e-mail on health topics or to participate in a new service. For opt-in programs we provide you, when applicable, with detailed information on:
Who is collecting the data;
What data are collected;
Why and how the data are transferred to a third party;
How the data are being used;
How long the data are being collected;
Who has access to the data;
What revenue that is generated from data use in relation to advertisers and sponsors; and
How to opt-out of data collection.
Where this Information Is Collected
We collect information about you at several places throughout the site. You will be informed on how this information is collected at that time. You will also have the ability to opt-in to information collection when you enter the site or use a service. Most information is collected in the following instances:
In order to have access to all of the services and content available on our site, you are required to complete a registration form that requests certain information, such as name, telephone number and e-mail address. In addition, you are asked during registration to tell us about health topics that you are interested in. We offer specialized registration for certain programs, events, and classes that may request some or all of the above information.
We may use your registration information to send you an e-mail confirming your registration with our site, to respond to questions from you, or to notify you if there is a problem with any order for goods or services that you placed. We may also, from time to time, send e-mails, with your permission, on special promotions or newsletters we think may be of interest to you.
Some of the interactive tools on our site ask you for personal information and health-related personal information. Specifically, our health risk assessment tools may ask for information on your personal and/or family medical history including height, weight, blood pressure, history of certain conditions and/or diseases and medication history. Our health care professional directory may ask you for information on your insurance plan and geographic location in order to identify listed professionals in your area. The health risk assessment tools use the personal health information you provide to generate a personal health record to help you manage your health. Your personal health record is kept strictly confidential and can only be accessed by using your password and login ID. We will make every effort not to use or disclose your personal health record to any one without your express consent. In some cases, you can permit your physician, pharmacist or other health care-related professional to have access to your personal health record.
Chat Rooms/Bulletin Boards
Chat Rooms/Bulletin Boards - As a service to our users, we may feature chat rooms/bulletin boards where users with similar medical conditions can share information and support one another. In addition, we may also offer online discussions on a variety of topics moderated by medical experts. You should be aware that any information shared in a chat room/bulletin board is public information and you should think carefully before disclosing any personal and/or health-related personal information in any chat room/bulletin board.
When this service is offered on this site and you purchase nonprescription products and services from us, such as ordering flowers for delivery to a local hospital, we will request that you provide your name, e-mail address, credit card number and expiration date, phone number and billing and shipping addresses.
If you order prescription drugs or medical equipment, we will ask for all of the information above, as well as the information that you would ordinarily provide to your pharmacist, including your prescribing doctor's name, your residential address, your gender and birth date, any drug allergies and existing medical conditions. If applicable, we will also ask for your health insurance information including the name, address and telephone number of your insurer and your member identification number (which may be your social security number). We may also ask for additional information about your current prescriptions and medical history.
This information will help us provide you with the necessary information to make the safest and most effective use of your prescription medication or equipment. This information will be kept in the strictest confidence. We will make every effort to maintain the privacy and security of this information at all times.
Your browser software can be set to reject all cookies, including cookies from our site. Most browsers offer instructions on how to reset the browser to reject cookies in the Help section of the toolbar. If you reject our cookie, certain functions and conveniences of the site may not work properly. You do not have to accept our cookie in order to productively use our site. If you accept our cookie, we will never link the cookie to personal information and/or health-related personal information you provide to us. We will not allow other sites or third parties to use our cookies.
How We Use Your Personal Information
We continually seek new ways to maintain your trust as a user and improve our offerings. To provide new and better services, we tend to monitor user traffic patterns and try to analyze what our users like and do not like about our current offerings so we can design better services for you. We may also use certain information for testing purposes, site development and planning, and during the normal course of maintaining the site. When you use our site, you automatically allow us to collect this information. In these cases, researchers, business analysts, system designers, and others may have access to the data we collect.
We do not intend to use or disclose any personal information or health-related personal information you provide on our site to an unrelated third party without your express permission, except as explained in this section. You should know that there are circumstances when, in the ordinary course of business, we will share some information about you with a related third party.
If you have insurance coverage for your prescriptions, your insurance company or prescription benefit manager may have access to information about your orders so they can process your benefits or assist you with your prescription orders, if necessary. This information is shared in accordance with the terms of your health plan and the information remains confidential.
We may also share aggregate statistical information on our users, sales, traffic patterns and site usage with our business partners and sponsors. There is nothing in this information that could be used to identify or contact you.
We may, from time to time, contract with vendors to provide specific services, such as data analysis, data storage, e-mail processing, customer service, sweepstakes or special promotions. We ask vendors to adhere to our confidentiality standards and do not permit a vendor to use our customer information for any other purpose. In many of these instances, you will be given the opportunity to opt-in to this collection of information and can opt-out at any time.
We may share registration data with business partners that maintain a co-branded service or content, only with your affirmative consent. For more information on co-branded sites, read the information below on our relationships with third parties.
In certain limited circumstances, we may be legally compelled to release your personal information in response to a court order, subpoena, search warrant, law or regulation. In the event that we are compelled to disclose personal information and/or health-related personal information to a third party, we will notify you unless doing so would violate the law or court order. We also reserve the right to cooperate with law enforcement authorities in investigating and prosecuting users that violate our rules or engage in behavior that is harmful (or illegal) to other users.
Our Relationship with Third Parties
We request that third-party vendors supply us with information on their security procedures, and we evaluate them periodically to ensure that they are using data in the agreed upon way. You should know that our relationship with some third party vendors provide us with revenues based on the number of users who view an advertisement or use a sponsored or co-branded program. These revenues are based on the use of a site and not on you as an individual.
In some cases we also receive revenue from the use of external services, such as buying flowers online or other such services, and may get a commission on specific purchases made online. In addition, we may allow third-party vendors to buy aggregate data collected on our site but that data cannot be used to identify you. There are three types of relationships that differ from our standard business partner relationship in which we license content or a product for integration. These exceptions are:
Sponsored or Co-branded Sites
We allow other companies to make services and/or content available to you, sometimes on a sponsored or co-branded basis. To access the services on a sponsored or co-branded site, you may have to complete an online registration form in addition to the registration you completed for us. Whenever you provide registration information on sponsored or co-branded sites, data can be collected. You should read the individual privacy policies of sponsored or co-branded sites. Reading the policies will help you make an informed decision on whether or not you want to use the site.
You should know that we might allow advertising to be coordinated with health information content on our site. This happens through linking up identification codes with an ad and a health topic. In no way is your use of this site and the health information you view directly connected with advertising.
Our Children's Policy
Parents and guardians of minors who permit their children to use our site should be aware that any information volunteered by a child in a chat room, bulletin board, moderated online discussion or other public forum on our site could be used by other persons participating or observing activities on the site to contact the child via e-mail or in some other manner. We do not have control over the actions of these third parties and are not responsible for any contacts that may occur. When it is brought to our attention that a 13 or under user has volunteered personal information on a chat room or other public forum on our site, we will delete such information from our active databases in accordance to our deletion policy.
To obtain more information on a child's use of this site, parents or guardians can contact us in writing using the address in our Contact Us link.
Your Privacy Choices
Change/Update Personal Information
You may change or update your personal information and/or health-related personal information at any time by contacting us in writing using the address in our Contact Us link.
Remove or Delete Personal Information
You may remove previously provided personal and/or health-related personal information at any time by contacting us in writing using the address in our Contact Us link.
Users should be aware that it is not always technically possible to remove or delete the information you provide to us. We back-up our systems to protect information from inadvertent loss, and that means a copy of your personal information may exist in a non-erasable form that may be difficult or impossible for us to locate. Nevertheless, upon receiving your request we will try to remove or delete all personal information and/or health-related personal information stored in the databases that we use for research and daily business activities. We will not intentionally disclose any personal information stored in a non-erasable format after receiving your request for removal, except as required by law.
There are certain restrictions on your ability to correct, update or remove the health information you enter into a personal health record. If your doctor or other health care professional has access to your personal health record, and they add information to that record, your personal record could be considered an official medical record for legal purposes. In this case, information cannot be deleted or removed, only updated or annotated.
We want you to rely on us as a trustworthy, quality resource of health information. Medical experts have reviewed the content on this site for clinical accuracy. You'll have information on who wrote an article and when it was written and updated.