Notice of Privacy Practices

THIS NOTICE OF PRIVACY PRACTICES DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED, AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

HSS values respect for our patients’ privacy. Not only is it what our patients expect, it is the right way to conduct health care. As required by law, we will protect the privacy of health information that may reveal your identity, and we will provide you a copy of this Notice, which describes the health information privacy practices of HSS and its medical staff and affiliated health care providers when providing health care services for HSS. If you have any questions about this Notice or would like further information, please contact the HSS Privacy Officer at (212) 774-7500.

Who Will Follow The Practices In This Notice?

We provide health care to our patients together with physicians and other health care professionals and organizations. The privacy practices described in this Notice will be followed by:

Health care professionals who provide direct services to treat you at any HSS location;
Employees, medical staff, trainees, students, and volunteers who provide direct services to you at any HSS location; and
HSS business associates and their subcontractors.

How We May Use And Disclose Your Health Information

For information about how we use and disclose information collected through the MyHSS patient portal, please refer to our MyHSS Privacy Policy and MyHSS Terms of Use. If there is a conflict between this Notice and the MyHSS Privacy Policy or MyHSS Terms of Use, this Notice will apply to the extent that Protected Health Information (as defined by the Department of Health and Human Services) is involved.

We will generally obtain your written authorization before using your health information or sharing it with others outside of HSS. There are some situations, described below, when we do not need your written authorization before using your health information or sharing it with others. If your health information is disclosed to a recipient pursuant to any of the applicable purposes described in this Notice, it is possible that such health information may be subject to further redisclosure by the recipient and no longer protected by the requirements of this Notice.

1. Treatment, Payment, and Health Care Operations

We may use your health information or share it with others to treat you, obtain payment for that treatment, and run our health care operations. In some cases, we may also disclose your health information for payment activities and certain health care operations of another health care provider or payor.

Treatment

We may share your health information with HSS doctors, nurses and other health care providers who are involved in taking care of you, and they may in turn use that information to diagnose or treat you. Your HSS doctor may also share your health information with another doctor or provider to whom you have been referred for further health care.

Payment

We may use your health information or share it with others so that we may obtain payment for your health care services. For example, we may share information about you with your health insurance company to obtain reimbursement after we have treated you, or to determine whether it will cover your treatment. We might also need to inform your health insurance company about your health condition to obtain pre-approval for your treatment, such as admitting you for a particular type of surgery. Finally, we may share your information with other health care providers and payors for their payment activities.

Health Care Operations

We may use your health information or share it with others to conduct our health care operations. For example, we may use your health information to evaluate the performance of our staff in caring for you, or to educate our staff on how to improve the care they provide. In addition, we may share your health information with other health care providers and payors for certain health care operations if the information is related to a relationship the provider or payor currently has or previously had with you, and if the provider or payor is required by federal law to protect the privacy of your health information.

Recording and Transcription of Clinical Encounters

To help our health care providers document and manage your care, we may use voice recording technology that records and transcribes conversations between you and your HSS health care provider during your visit. This technology allows your provider to focus more on you and less on note taking, helping ensure you receive the highest quality care. Your recorded protected health information may only be used in accordance with this notice.

Health Information Exchanges

Health Information Exchanges. We may participate in health information exchanges, enabling us to share your health information electronically with other health care providers in the course of providing care for you, as permitted by state and federal law. If you are interested in opting out or changing your health information exchange choice, please contact HSS Health Information Management at (212) 606-1254.

Appointment Reminders, Treatment Alternatives, or Distribution of Health-Related Benefits and Services

In the course of providing treatment to you, we may use your health information to contact you with a reminder that you have an appointment for treatment or services. We may also use your health information to recommend possible treatment alternatives or health-related benefits and services that may be of interest to you. However, to the extent a third party provides financial remuneration to us so that we make these treatment-related or health care operations-related communications to you, we will secure your authorization in advance as we would with any other marketing communication (as described later in this Notice).

Fundraising

Fundraising is a communication from HSS or one of its business associates, or by HSS’s affiliated support organization, The Hospital for Special Surgery Fund, Inc.(the Fund), for the purpose of raising funds to further HSS’s and its affiliates’ missions of patient care, research, and education, including appeals for money or sponsorship of events. We may use certain information about you for fundraising, including demographic information (such as your age, date of birth, and gender, and where you live or work), your insurance status, the dates when you received services from us, and information about the HSS department where you received services, the identity of your treating physician(s), and the outcome of your treatment. You have the right to opt-out of future fundraising communications and can do so by following the opt-out instructions provided as part of the fundraising communication.

Business Associates

We may disclose your health information to contractors, agents and other business associates who need the information to assist us with obtaining payment or carrying out our health care operations. For example, we may share your health information with a billing company that helps us to obtain payment from your insurance company. Another example is that we may share your health information with an accounting firm or law firm that provides professional advice to us about how to improve our health care services and comply with the law. If we do disclose your health information to a business associate, we will have a written contract that requires our business associate to protect the privacy of your health information. We may also allow for our business associates to de-identify your health information to be used for the benefit of HSS or the benefit of the business associate, or to create, use and disclose limited data sets as described below in the section titled “Completely De-identified or Partially De-identified Information.”

2. Patient Directory and Family and Friends Involved in Your Care

We may use your health information in, and disclose it from, our patient directory, or share it with family and friends involved in your care, without your written authorization. You will have an opportunity to object to these uses and disclosures of your health information, unless there is insufficient time because of a medical emergency (in which case we will discuss your preferences with you as soon as the emergency is over). We will follow your wishes, unless we are required by law to do otherwise.

Patient Directory

We generate and maintain a daily list of patients currently admitted (e.g., for inpatient care or outpatient procedures) to an HSS facility. If you do not object, we will include your name and your location in this list. This information may be released to people who ask for you by name (e.g., family members looking to visit you or flower shops attempting to deliver flowers to you). We also generate and maintain a daily list of patients currently admitted to an HSS facility that includes patients’ religious affiliations, in addition to patients’ names and locations. These religious affiliations may be given to a member of the clergy, such as a priest or rabbi, even if the clergy doesn’t ask for a patient by name. These lists essentially act as a patient directory. If you would prefer that we not include your information in one or either of these lists, you may contact the HSS Privacy Officer at (212) 774-7500.

Family and Friends Involved in Your Care

If you do not object, we may share your health information with a family member, relative, or close personal friend who is involved in your care or payment for that care. We may also notify a family member, personal representative, or another person responsible for your care about your location and general condition within an HSS facility. In some cases, we may need to share your information with a disaster relief organization that will help us notify these persons.

3. Emergencies or Public Need

Emergencies

We may use or disclose your health information if you need emergency treatment or if we are required by law to treat you.

As Required by Law

We may use or disclose your health information if we are required by law to do so. In certain situations, we may notify you of disclosures we make that were required by law.

Public Health Activities

We may disclose your health information to authorized public health officials (or a foreign government agency collaborating with such officials) so they may carry out their public health activities. For example, we may share your health information with government officials that are responsible for controlling disease, injury, or disability. We may also disclose your health information to a person who may have been exposed to a communicable disease or be at risk for contracting or spreading the disease if the law requires or permits us to do so. Further, we may release some health information about you to your employer if your employer hires us to provide you with a physical exam and we discover you have a work-related injury or disease that your employer must know about to comply with employment laws.

Victims of Abuse, Neglect, or Domestic Violence

We may release your health information to a public health authority that is authorized to receive reports of abuse, neglect, or domestic violence. For example, we may report your information to government officials if we reasonably believe you have been a victim of abuse, neglect, or domestic violence. We will make efforts to obtain your permission before releasing this information, but in some cases, we may be required or authorized to act without your permission.

Health Oversight Activities

We may release your health information to government agencies authorized to conduct audits, investigations, and inspections of our facilities. These government agencies monitor the operation of the health care system, government benefit programs such as Medicare and Medicaid, and compliance with government regulatory programs and civil rights laws.

Product Monitoring, Repair, and Recall

We may disclose your health information to a person or company regulated by the Food and Drug Administration for the purpose of: (1) reporting or tracking product defects or problems; (2) repairing, replacing, or recalling defective or dangerous products; or (3) monitoring the performance of a product after it has been approved for use by the general public.

Lawsuits and Disputes

We may disclose your health information if we are ordered to do so by a court or administrative tribunal that is handling a lawsuit or other dispute.

Law Enforcement, & Judicial and Administrative Proceedings

We may disclose your health information to law enforcement officials for the following reasons:

To comply with court orders or laws we are required to follow;
To assist law enforcement officers with identifying or locating a suspect, fugitive, witness, or missing person;
If you have been the victim of a crime and we determine: (1) we have been unable to obtain your agreement because of an emergency or your incapacity; (2) law enforcement officials need this information immediately to carry out their law enforcement duties; and (3) in our professional judgment disclosure to these officers is in your best interests;
If we suspect your death resulted from criminal conduct;
If necessary to report a crime that occurred on our property; or
If necessary to report a crime discovered during an offsite medical emergency (for example, by emergency medical personnel at the scene of a crime).

To Avert a Serious and Imminent Threat to Health or Safety

We may use your health information or share it with others when necessary to prevent a serious and imminent threat to your health or safety, or the health or safety of another person or the public. In such cases, we will share your information only with someone able to help prevent the threat. We may also disclose your health information to law enforcement officers if you tell us that you participated in a violent crime that may have caused serious physical harm to another person (unless you admitted that fact while in counseling), or if we determine that you escaped from lawful custody (such as a prison or mental health institution).

National Security and Intelligence Activities or Protective Services

We may disclose your health information to authorized federal officials who are conducting national security and intelligence activities or providing protective services to the President or other important officials.

Military and Veterans

If you are in the Armed Forces, we may disclose health information about you to appropriate military command authorities for activities they deem necessary to carry out their military mission. We may also release health information about foreign military personnel to the appropriate foreign military authority.

Inmates and Correctional Institutions

If you are an inmate or you are detained by a law enforcement officer, we may disclose your health information to the prison officers or law enforcement officers if necessary to provide you with health care, or to maintain safety, security, and good order at the place where you are confined. This includes sharing information that is necessary to protect the health and safety of other inmates or persons involved in supervising or transporting inmates.

Workers’ Compensation

We may disclose your health information for workers’ compensation or similar programs that
provide benefits for work-related injuries.

Coroners, Medical Examiners, and Funeral Directors

In the unfortunate event of your death, we may disclose your health information to a coroner or medical examiner. This may be necessary, for example, to determine the cause of death. We may also release your health information to funeral directors as necessary to carry out their duties.

Organ and Tissue Donation

In the unfortunate event of your death, we may disclose your health information to organizations that procure or store organs, eyes, or other tissues so that these organizations may investigate whether donation or transplantation is possible under applicable laws.

Research

In most cases, we will ask for your written authorization before using your health information or sharing it with others to conduct research. However, under some circumstances, we may use and disclose your health information without your written authorization if we obtain approval through a special process to ensure that research without your written authorization poses minimal risk to your privacy. Under no circumstances, however, would we allow researchers to use your name or identity publicly. We may also disclose your health information without your written authorization to people who are preparing a future research project, or to allow researchers to determine if you might be eligible for a particular research study, provided that such a disclosure is made solely within our secure records, databases, electronic systems or facilities. In the unfortunate event of your death, we may share your health information with people who are conducting research using the information of deceased persons, as long as they agree not to remove from our facilities any information that identifies you.

We may allow researchers to use specimens or tissues removed from your body during a diagnostic procedure, survey, or medical treatment that would otherwise be discarded. Those specimens or tissues may be used together with your health information to conduct medical research in the same manner as other health information.

4. Completely De-identified or Partially De-identified Information

We and our business associates may use and disclose your health information if we or our business associates have removed any information that has the potential to identify you so that the health information is “completely de-identified.” Such de-identified information is no longer subject to the terms of this Notice. We and our business associates may also use and disclose “partially de-identified” health information, known as a “limited data set,” about you for research, public health, or health care operations purposes if the person who will receive the limited data set signs an agreement to protect the privacy of the information, as required by federal and state law. Limited data sets will not contain any information that would directly identify you (such as your name, street address, SSN, phone number, fax number, electronic mail address, website address, or license number).

5. Incidental Disclosures

While we will take reasonable steps to safeguard the privacy of your health information, certain disclosures of your health information may occur during, or as an unavoidable result of, our otherwise permissible uses or disclosures of your health information. For example, during the course of a treatment session, other patients in the treatment area may see, or overhear discussion of, your health information.

Uses And Disclosures Of Your Health Information Requiring Authorization

As stated above, we cannot and will not use or disclose your health information without your written authorization for any reason except those described in this Notice. For example, we require your written authorization for most uses or disclosures of your health information for certain marketing purposes, for the sale of health information, or with respect to psychotherapy notes

If you provide us with written authorization, you may revoke, or cancel, that written authorization at any time, except to the extent that we have already relied upon it. If you revoke the authorization, we will no longer use or disclose your health information for the reasons covered by your written authorization. Your revocation will not affect any uses or disclosures we have already made prior to the date we receive notice of the revocation. To revoke a written authorization, please write to HSS Health Information Management at 535 East 70th Street, New York, NY 10021 or to ROIrequest@hss.edu.

Special Protections for Certain Types of Health Information

Special privacy protections apply to AIDS and HIV-related information, substance use disorder treatment information, mental health information, and genetic information. For example, New York law prohibits the disclosure of confidential AIDS and HIV-related information, unless authorized by law or pursuant to a properly executed release form. If your treatment involves any of these types of information, you may be provided with special authorization forms in connection with the disclosure of such information by HSS. To request copies of these forms, please contact HSS Health Information Management at (212) 606-1254.

Your Rights to Access and Control Your Health Information

We want you to know that you have the following rights to access and control your health information. These rights are important because they will help you make sure that the health information we have about you is accurate. They may also help you control the way we use your information and share it with others, or the way we communicate with you about your medical matters. Unless otherwise specified, to exercise your rights below, please submit your request in writing to HSS Health Information Management, 535 East 70th Street, New York, NY 10021 or to ROIrequest@hss.edu.

1. Right to Inspect and Copy Records

You have the right to inspect and obtain a copy, including an electronic copy, from us in a timely manner of any of your health information that may be used to make decisions about you and your treatment, for as long as we maintain this information in our records. This includes medical and billing records. You can also access your health information directly using the MyHSS patient portal, available at https://myhss.hss.edu/myhss or through the Apple App Store or Google Play.

A request to inspect or obtain a copy of your health information must include: (1) the desired form or format of access; (2) a description of the health information to which the request applies; and (3) appropriate contact information.
If you request a copy of the information, we may charge a reasonable fee for the costs of copying, mailing, or other supplies we use to fulfill your request, which must generally be paid before or at the time we give the copies to you.
If the information you request is stored electronically, we will provide the information in the form and format you request if the information is readily producible in that format, or, if not, we will reach an agreement with you as to alternative readable electronic format.
We will respond to your request for inspection of records within 10 days. We ordinarily will respond to requests for copies within 30 days. If we need additional time to respond to a request for copies, we will notify you in writing within the time frame above to explain the reason for the delay and when you can expect to have a final answer to your request.
Under certain very limited circumstances, we may deny your request to inspect or obtain a copy of your information. If we do, we may provide you with a summary of the information instead. We will also provide a written notice that explains our reasons for providing only a summary, and a complete description of your rights to have that decision reviewed and how you can exercise those rights. The notice will also include information on how to file a complaint about these issues with us or with the Secretary of the Department of Health and Human Services. If we have reason to deny only part of your request, we will provide complete access to the remaining parts after excluding the information we will not let you inspect or copy.

2. Right to Transfer Records

You have a right to initiate a transfer of your records to another person or organization by completing a written authorization form. Your request must include the person(s) authorized to use and/or receive the information, and a description of the information that will be used or disclosed. Ordinarily, we respond to your request within 30 days. To request or revoke a written authorization, please write to HSS Health Information Management at 535 East 70th Street, New York, NY 10021 or ROIrequest@hss.edu.

3. Right to Amend Records

If you believe that the health information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept in our records. Your request must include a description of the amendment requested and should include the reasons why you think we should make the amendment. Ordinarily we will respond to your request within 60 days. If we need additional time to respond, we will notify you in writing within 60 days to explain the reason for the delay and when you can expect to have a final answer to your request.

Your request for an amendment may be denied if you request an amendment of health information that we determine: (1) was not created by HSS, unless the originator of the health information is no longer available to make the amendment; (2) is not part of HSS’s records; (3) is not health information you would be permitted to inspect or copy; or (4) is accurate and complete. If we deny part or all of your request, we will provide a written notice that explains our reasons for doing so. You will have the right to have certain information related to your requested amendment included in your records. For example, if you disagree with our decision, you will have an opportunity to submit a statement explaining your disagreement, which we will include in your records. We will also provide you with information on how to file a complaint with us or with the Secretary of the Department of Health and Human Services. These procedures will be explained in more detail in any written denial notice we send you.

4. Right to an Accounting of Disclosures

You have a right to request an accounting of certain disclosures of your health information we have made in the previous six years, such as for research, public health, health oversight and other specific purposes that are not for treatment, payment or health care operations.

An accounting of disclosures does not describe the ways that your health information has been shared within HSS as long as all other protections described in this Notice have been followed. An accounting of disclosures also does not include information about the following disclosures: disclosures we made to you or your personal representative; disclosures we made pursuant to your written authorization; disclosures we made for treatment, payment or health care operations; disclosures made from the patient directory; disclosures made to your friends and family involved in your care or payment for your care; disclosures that were incidental to permissible uses and disclosures of your health information (for example, when information is overheard by another patient passing by); disclosures for purposes of research, public health or our health care operations of limited portions of your health information that do not directly identify you; disclosures made to federal officials for national security and intelligence activities; and disclosures about inmates to correctional institutions or law enforcement officers.

Your request must state a time period within the past six years for the disclosures you want us to include. For example, you may request a list of the disclosures that we made between January 1 of a given year to December 31 of that same year, so long as the dates are within the past six years. You have a right to receive one free accounting within every 12-month period. However, we may charge you for the cost of providing any additional accounting in that same 12-month period. We will always notify you of any cost involved so that you may choose to withdraw or modify your request before any costs are incurred. The scope of your right to request an accounting may be modified from time to time to comply with changes in federal law or state law.

Ordinarily we will respond to your request for an accounting within 60 days. If we need additional time to prepare the accounting you have requested, we will notify you in writing about the reason for the delay and the date when you can expect to receive the accounting. In rare cases, we may have to delay providing you with the accounting without notifying you because a law enforcement official or government agency has asked us to do so.

5. Right to Request Additional Privacy Protections, Including Restriction on Disclosures to Health Plans

You have the right to request that we further restrict the way we use and disclose your health information to treat your condition, collect payment for that treatment, or run our health care operations. You may also request that we limit how we disclose information about you to family or friends involved in your care. For example, you could request that we not disclose information about a surgery you had. In addition, you have the right to restrict certain disclosures of your health information to a health plan when you pay, or another person on your behalf pays, out-of- pocket in full for the health care item or service. Your request should include: (1) what information you want to limit; (2) whether you want to limit how we use the information, how we share it with others, or both; and (3) to whom you want the limits to apply.

We are not always required to agree to your request for a restriction, and in some cases the restriction you request may not be permitted under law. We do not need to agree to the restriction unless: (1) the disclosure is for the purpose of carrying out payment or health care operations and is not otherwise required by law; and (2) the health information relates only to a health care item or service that you or someone on your behalf has paid for out-of-pocket and in full. However, if we do agree, we will be bound by our agreement unless the information is needed to provide you with emergency treatment or comply with the law. Once we have agreed to a restriction, you have the right to revoke the restriction at any time. Under some circumstances, we will also have the right to revoke the restriction as long as we notify you before doing so; in other cases, we will need your permission before we can revoke the restriction.

6. Right to Request Confidential Communications
You have the right to request that we communicate with you about your medical matters in a more confidential way by requesting that we communicate with you by alternative means or at alternative locations. For example, you may ask that we contact you at home instead of at work. Your request should specify how or where you wish to be contacted, and how payment for your health care will be handled if we communicate with you through this alternative method or location. We will not ask you the reason for your request, and we will try to accommodate all reasonable requests.

7. Right to Notice of Breach of Unsecured Health Information

We are required by law to maintain the privacy of your health information, to provide you with this Notice containing our legal duties and privacy practices with respect to your health information, and to abide by the terms of this Notice. It is HSS policy to safeguard your health information so as to protect the information from those who should not have access to it. If, however, for some reason we experience a breach of your unsecured health information, we will notify you of the breach.

8. Right to Obtain a Copy of This Notice

You have the right to a paper copy of this Notice. You may request a paper copy at any time, even if you have previously agreed to receive this Notice electronically. To do so, please call the HSS Privacy Officer at (212) 774-7500. You may also obtain a copy of this Notice by requesting a copy at your next visit.

9. Right to Have Someone Act on Your Behalf

You have the right to name a personal representative who may act on your behalf to control the privacy of your health information. Parents and guardians will generally have the right to control the privacy of health information about minors, unless the minors are permitted by law to act on their own behalf. To name a personal representative, please contact your treating provider’s office.

Changes to this Notice

We may change our privacy practices from time to time. If we do, we will revise this Notice so you will have an accurate summary of our practices, and the revised Notice will apply to all of your health information. We will post any revised Notice in our admitting areas and other HSS locations. You will also be able to obtain your own copy of the revised Notice by calling the HSS Privacy Officer at (212) 774-7500, or asking for a Notice at the time of your next visit. The effective date of the Notice will always be noted in the cover page. We are required to abide by the terms of the Notice that is currently in effect.

Complaints

If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the Department of Health and Human Services. To file a complaint with us, please contact the HSS Privacy Officer at (212) 774-7500 or send a letter to HSS, 535 East 70th Street, New York, NY 10021, to the attention of the Privacy Officer. To file a complaint with the Department of Health and Human Services you may send a letter to the Department of Health and Human Services, 200 Independence Avenue, S.W., Washington, D.C. 20201, or call 1-877-696-6775, or visit www.hhs.gov/ocr/privacy/hipaa/complaints/. No one will retaliate or take action against you for filing a complaint.