Skip to main content
Hospital for Special Surgery Logo
phone 1.212.606.1000
Make an Appointment
1.212.606.1000 Make an Appointment

Notice of Privacy Practices

THIS NOTICE OF PRIVACY PRACTICES DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED, AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

HSS values respect for our patients’ privacy. Not only is it what our patients expect, it is the right way to conduct health care. As required by law, we will protect the privacy of health information that may reveal your identity, and we will provide you a copy of this Notice, which describes the health information privacy practices of HSS and its medical staff and affiliated health care providers when providing health care services for HSS. If you have any questions about this Notice or would like further information, please contact the HSS Privacy Officer at (212) 774-7500.

Who Will Follow The Practices In This Notice?

We provide health care to our patients together with physicians and other health care professionals and organizations. The privacy practices described in this Notice will be followed by:

  • Health care professionals who provide direct services to treat you at any HSS location;
  • Employees, medical staff, trainees and volunteers who provide direct services to you at any HSS location; and
  • HSS business associates and their subcontractors.

Please note that the privacy practices described in this Notice do not apply when care is being provided to you in the private offices of your health care professionals, even if these offices are located on HSS premises. For example, if you are being treated by a doctor on our medical staff while you are an HSS inpatient, or being treated at an HSS outpatient clinic, this Notice will apply. If you are seen by the same doctor for a follow-up appointment at their private office, this Notice will not apply. The doctor should provide you with a separate notice of privacy practices applicable to their private office. In addition, the privacy practices in this Notice do not apply to HSS’s health care professionals when they treat you at other hospitals or facilities.

For information about how we use and disclose information collected through the MyHSS patient portal, please refer to our MyHSS Privacy Policy and MyHSS Terms of Use. If there is a conflict between this Notice and the MyHSS Privacy Policy or MyHSS Terms of Use, this Notice will apply to the extent that Protected Health Information (as defined by the Department of Health and Human Services) is involved.

How We May Use And Disclose Your Health Information

We will generally obtain your written authorization before using your health information or sharing it with others outside of HSS. There are some situations, described below, when we do not need your written authorization before using your health information or sharing it with others. If your health information is disclosed to a recipient pursuant to any of the applicable purposes described in this Notice, it is possible that such health information may be subject to further redisclosure by the recipient and no longer protected by the requirements of this Notice.

1.    Treatment, Payment, and Health Care Operations

We may use your health information or share it with others to treat you, obtain payment for that treatment, and run our health care operations. In some cases, we may also disclose your health information for payment activities and certain health care operations of another health care provider or payor.

Treatment

We may share your health information with HSS doctors, nurses and other health care providers who are involved in taking care of you, and they may in turn use that information to diagnose or treat you. Your HSS doctor may also share your health information with another doctor or provider to whom you have been referred for further health care.

Payment

We may use your health information or share it with others so that we may obtain payment for your health care services. For example, we may share information about you with your health insurance company to obtain reimbursement after we have treated you, or to determine whether it will cover your treatment. We might also need to inform your health insurance company about your health condition to obtain pre-approval for your treatment, such as admitting you for a particular type of surgery. Finally, we may share your information with other health care providers and payors for their payment activities.

Health Care Operations

We may use your health information or share it with others to conduct our health care operations. For example, we may use your health information to evaluate the performance of our staff in caring for you, or to educate our staff on how to improve the care they provide. In addition, we may share your health information with other health care providers and payors for certain of their health care operations if the information is related to a relationship the provider or payor currently has or previously had with you, and if the provider or payor is required by federal law to protect the privacy of your health information.

Health Information Exchanges

We may participate in health information exchanges, enabling us to share your health information electronically with other health care providers in the course of providing care for you, as permitted by state and federal law. If you are interested in opting out or changing your health information exchange choice, please contact HSS Health Information Management at (212) 606-1254.

Appointment Reminders, Treatment Alternatives, or Distribution of Health-Related Benefits and Services

In the course of providing treatment to you, we may use your health information to contact you with a reminder that you have an appointment for treatment or services. We may also use your health information to recommend possible treatment alternatives or health-related benefits and services that may be of interest to you. However, to the extent a third party provides financial remuneration to us so that we make these treatment-related or health care operations-related communications to you, we will secure your authorization in advance as we would with any other marketing communication (as described later in this Notice).

Fundraising

Fundraising is a communication from HSS or one of its business associates, or by HSS’s affiliated support organization, The Hospital for Special Surgery Fund, Inc., for the purpose of raising funds to further HSS’s missions of patient care, research, and education, including appeals for money or sponsorship of events. We may use certain information about you for fundraising, including demographic information (such as your age, date of birth, and gender, and where you live or work), your insurance status, the dates when you received services from us, and information about the HSS department where you received services, the identity of your treating physician(s), and the outcome of your treatment. You have the right to opt- out of future fundraising communications and can do so by following the opt-out instructions provided as part of the fundraising communication.

Business Associates

We may disclose your health information to contractors, agents and other business associates who need the information to assist us with obtaining payment or carrying out our health care operations. For example, we may share your health information with a billing company that helps us to obtain payment from your insurance company. Another example is that we may share your health information with an accounting firm or law firm that provides professional advice to us about how to improve our health care services and comply with the law. If we do disclose your health information to a business associate, we will have a written contract that requires our business associate to protect the privacy of your health information.

2.    Patient Directory and Family and Friends Involved in Your Care

We may use your health information in, and disclose it from, our patient directory, or share it with family and friends involved in your care, without your written authorization. You will have an opportunity to object to these uses and disclosures of your health information, unless there is insufficient time because of a medical emergency (in which case we will discuss your preferences with you as soon as the emergency is over). We will follow your wishes, unless we are required by law to do otherwise.

Patient Directory

We generate and maintain a daily list of patients currently admitted (e.g., for inpatient care or outpatient procedures) to an HSS facility. If you do not object, we will include your name and your location in this list. This information may be released to people who ask for you by name (e.g., family members looking to visit you or flower shops attempting to deliver flowers to you). We also generate and maintain a daily list of patients currently admitted to an HSS facility that includes patients’ religious affiliations, in addition to patients’ names and locations. These religious affiliations may be given to a member of the clergy, such as a priest or rabbi, even if the clergy doesn’t ask for a patient by name. These lists essentially act as a patient directory, in compliance with HIPAA privacy regulations. If you would prefer that we not include your information in one or either of these lists, you may contact the HSS Privacy Officer at (212) 774-7500.

Family and Friends Involved in Your Care

If you do not object, we may share your health information with a family member, relative, or close personal friend who is involved in your care or payment for that care. We may also notify a family member, personal representative, or another person responsible for your care about your location within an HSS facility and general condition. In some cases, we may need to share your information with a disaster relief organization that will help us notify these persons.

3.    Emergencies or Public Need
We may use your health information, and share it with others, to treat you in an emergency or to meet important public needs. We will not be required to obtain your written authorization or to provide you with an opportunity to object before we use or disclose your health information for these reasons. We will, however, obtain your written authorization for, or provide you with an opportunity to object to, the use and disclosure of your health information in these situations when state law specifically requires that we do so.

Emergencies. We may use or disclose your health information if you need emergency treatment or if we are required by law to treat you.

As Required by Law. We may use or disclose your health information if we are required by law to do so. In certain situations, we may notify you of disclosures we make that were required by law.
 
Public Health Activities. We may disclose your health information to authorized public health officials (or a foreign government agency collaborating with such officials) so they may carry out their public health activities. For example, we may share your health information with government officials that are responsible for controlling disease, injury, or disability. We may also disclose your health information to a person who may have been exposed to a communicable disease or be at risk for contracting or spreading the disease if the law requires or permits us to do so. Further, we may release some health information about you to your employer if your employer hires us to provide you with a physical exam and we discover you have a work-related injury or disease that your employer must know about to comply with employment laws.

Victims of Abuse, Neglect, or Domestic Violence. We may release your health information to a public health authority that is authorized to receive reports of abuse, neglect, or domestic violence. For example, we may report your information to government officials if we reasonably believe you have been a victim of abuse, neglect, or domestic violence. We will make efforts to obtain your permission before releasing this information, but in some cases, we may be required or authorized to act without your permission.
Health Oversight Activities. We may release your health information to government agencies authorized to conduct audits, investigations, and inspections of our facilities. These government agencies monitor the operation of the health care system, government benefit programs such as Medicare and Medicaid, and compliance with government regulatory programs and civil rights laws.

Product Monitoring, Repair, and Recall. We may disclose your health information to a person or company regulated by the Food and Drug Administration for the purpose of: (1) reporting or tracking product defects or problems; (2) repairing, replacing, or recalling defective or dangerous products; or (3) monitoring the performance of a product after it has been approved for use by the general public.

Law Enforcement, & Judicial and Administrative Proceedings. We may disclose your health information to law enforcement officials for the following reasons:

  • To comply with court orders or laws we are required to follow;
  • To assist law enforcement officers with identifying or locating a suspect, fugitive, witness, or missing person;
  • If you have been the victim of a crime and we determine: (1) we have been unable to obtain your agreement because of an emergency or your incapacity; (2) law enforcement officials need this information immediately to carry out their law enforcement duties; and (3) in our professional judgment disclosure to these officers is in your best interests;
  • If we suspect your death resulted from criminal conduct;
  • If necessary to report a crime that occurred on our property; or
  • If necessary to report a crime discovered during an offsite medical emergency (for example, by emergency medical personnel at the scene of a crime).

To Avert a Serious and Imminent Threat to Health or Safety. We may use your health information or share it with others when necessary to prevent a serious and imminent threat to your health or safety, or the health or safety of another person or the public. In such cases, we will share your information only with someone able to help prevent the threat. We may also disclose your health information to law enforcement officers if you tell us that you participated in a violent crime that may have caused serious physical harm to another person (unless you admitted that fact while in counseling), or if we determine you escaped from lawful custody (such as a prison or mental health institution).
National Security and Intelligence Activities or Protective Services. We may disclose your health information to authorized federal officials who are conducting national security and intelligence activities or providing protective services to the President or other important officials.

Military and Veterans. If you are in the Armed Forces, we may disclose health information about you to appropriate military command authorities for activities they deem necessary to carry out their military mission. We may also release health information about foreign military personnel to the appropriate foreign military authority.

Inmates and Correctional Institutions. If you are an inmate or you are detained by a law enforcement officer, we may disclose your health information to the prison officers or law enforcement officers if necessary to provide you with health care, or to maintain safety, security, and good order at the place where you are confined. This includes sharing information that is necessary to protect the health and safety of other inmates or persons involved in supervising or transporting inmates.

Workers’ Compensation. We may disclose your health information for workers’ compensation or similar programs that provide benefits for work-related injuries.
Coroners, Medical Examiners, and Funeral Directors. In the unfortunate event of your death, we may disclose your health information to a coroner or medical examiner. This may be necessary, for example, to determine the cause of death. We may also release your health information to funeral directors as necessary to carry out their duties.

Organ and Tissue Donation. In the unfortunate event of your death, we may disclose your health information to organizations that procure or store organs, eyes, or other tissues so that these organizations may investigate whether donation or transplantation is possible under applicable laws.

Downloads

Download the Notice of Privacy Practices in:

Download GDPR Privacy Disclosures

Effective Date: April 14, 2003. Revision Date: March 26, 2025.