THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
NorthShore University HealthSystem (“NorthShore” or “we” or “us”) is committed to protecting the privacy of your health information. This Notice of Privacy Practices (“Notice”) describes certain rights you have with respect to your health information pursuant to the Health Insurance Portability and Accountability Act of 1996, and its regulations (“HIPAA”). This Notice further describes how you may exercise your rights and certain obligations we have.
Your Rights: You have certain rights with respect to your health information. This section explains these rights and how to exercise them.
Obtain an Electronic or Paper Copy of Your Medical Record
You may request an electronic copy or paper copy of your medical record or other health information we have about you. We will provide a copy or summary of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee.
Receive Confidential Communications
You may ask us to contact you in a specific way (for example: home, mobile or office phone) or to send mail to you at a different address. We will accommodate all reasonable requests.
Ask us to Limit What We Use or Share
You may ask us that we not use or share certain health information for treatment, payment or operations purposes. We are not required to agree to your request. For example, we may deny your request if it would affect your care. If you pay for a service or health care item out-of-pocket in full, you may ask us not to share that information for the purpose of payment or our operations with your health insurer. We will accommodate this request unless a law requires us to share that information.
Ask us to Correct or Amend Your Medical Record
You may ask us to correct health information about you that you believe is incorrect or incomplete. We may deny your request but we will inform you why in writing within 60 days.
Obtain an Accounting of Disclosures
You may request a list of the instances that we have shared your health information in the 6 years prior to the date of your request, including with whom we shared this information and why. We will provide you with an accounting of all disclosures except for those made for treatment, payment or health care operations purposes, and certain other disclosures (such as any you requested we make). We will provide you with one accounting per year for free, but we will charge a reasonable, cost-based fee for each additional accounting requested within a 12 month period.
Obtain a Copy of this Notice
You may request a paper copy of this Notice at any time, even if you agreed to receive the Notice electronically. We will provide you with a paper copy promptly.
Choose Someone to Act on your Behalf
If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information. We will ensure the person has the authority and can act on your behalf before we take any action.
File a Complaint if You Believe your Rights have been Violated
You may complain if you feel that we have violated your rights by contacting NorthShore’s Privacy Officer at the contact information available at the end of this Notice. You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/. We will not retaliate against you for filing a complaint with us or the Office of Civil Rights.
How to Exercise Rights: If you would like to exercise any of your rights or have any questions about them, please contact NorthShore’s Compliance Department in writing at 1301 Central Street, Room 140, Evanston, IL 60201; by e-mail to: email@example.com or by phone: 847.982.4459. If you would like to obtain a copy, amend or restrict your medical records, or receive an accounting of disclosures, you can request your record through your active NorthShoreConnect account, or please complete the requisite form available online at https://www.northshore.org/locations/our-hospitals/evanston-hospital/medical-records and then email the completed form to: firstname.lastname@example.org or fax it to: 847.982.4499. Please contact our call center at 847.982.4450 with any questions about the request forms.
Your Choices: For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, let us know. Tell us what you want us to do, and we will follow your instructions. You have the right and choice to tell us to:
- Share information with your family, close friends, or others involved in your care.
- Share information in a disaster relief situation.
- Include your information in our hospital directory
For example, we may include your name, NorthShore location, general condition and religious affiliation in a patient directory unless you object or limit this information. NorthShore may use or disclose the directory information to members of clergy, and except for religious affiliation, other persons who ask for you by name. You may object to or restrict these directory uses and disclosures. If you are not able to tell us your preference (for example, if you are unconscious), we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.
In these cases, we will never share your information without receiving your written authorization:
- Marketing purposes
- Sale of your information
- Most, but not all, sharing of psychotherapy notes
In the case of fundraising, we may contact you for fundraising purposes to support NorthShore and its mission, but you can tell us not to contact you again for this purpose by contacting us in writing at: 1033 University Place, #450, Evanston, IL 60201; by email to: email@example.com; or by phone: 224.364.7200.
How NorthShore May Use and Disclose your Health Information: NorthShore may (without your permission) use your health information within NorthShore and disclose your health information to others outside NorthShore for a number of purposes. We explain each category of use or disclosure below and include examples, but we do not list every use or disclosure in a category.
For Treatment, Payment and Healthcare Operations
We may use your health information and share it with other professionals who are treating you. For example, a physician treating you for an injury may ask another physician about your overall health condition. We may use and share your health information to run our organization, improve your care and contact you when necessary. For example, we use your health information to manage your treatment and services, and we may contact you to remind you of an upcoming appointment. We may also use and disclose your health information for internal administration and planning, and other activities that improve the quality of the care we provide. For example, we may use your information to evaluate the quality and competence of our healthcare professionals. We may use and share your health information to bill and obtain payment from health plans and other entities. For example, we may provide your health information to your health insurance plan so that it will pay for your services. We may also contact your health plan about your treatment to obtain prior approval or to determine whether your plan will pay for your treatment.
For Public Health Activities and Research
We may share information about you to assist with public health and safety issues. For example, we can share information about you in certain situations, including:
- Preventing disease
- Helping with product recalls
- Reporting adverse reactions to medications
- Reporting suspected abuse, neglect or domestic violence
- Preventing or reducing a serious threat to anyone’s health or safety
- Health research
For example, we may use or disclose your health information without your authorization if our institutional review board or a qualified privacy board approves an alteration to or a waiver of authorization. If a waiver has not been approved, your written authorization will generally be required before your health information may be used for research.
For more information about how we are allowed or required to share your information in ways that contribute to the public good and research, see www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html.
To Comply with Law
We will share information about you if state or federal laws require it, including with the Department of Health and Human Services if it wants to see that we are complying with HIPAA or other federal privacy laws.
Health Oversight Activities
We may disclose patient information to a health oversight agency for activities authorized by law, including for example, audits, investigations, inspections and licensure. These activities are necessary for the government to monitor the health care system, government programs and compliance with civil rights laws.
Respond to Organ and Tissue Donation Requests
We can share health information about you with organ procurement organizations.
Work with Medical Examiner or Funeral Director
We can share health information with a coroner, medical examiner, or funeral director when an individual dies.
Address Workers’ Compensation, Law Enforcement and Other Governmental Requests
We can use or share health information about you:
- For workers’ compensation claims
- For law enforcement purposes with a law enforcement official
- With health oversight agencies for activities authorized by law
- For special government functions such as military, national security, and presidential protective services.
Respond to Lawsuits and Legal Actions
We can share health information about you in response to a court or administrative order, or in response to a subpoena.
We may disclose your health information to our business associates – individuals or companies that provide services to NorthShore that require access to health information in order to provide a service to us. NorthShore requires that business associates safeguard your health information in compliance with HIPAA.
For Immunization Purposes
We may disclose immunization records to schools to support public health efforts if we obtain and document an oral or written agreement from the parent, guardian or other person acting in loco parentis.
To Parents and Legal Guardians of Minors
NorthShore may share health information of a minor patient with his or her parents or guardian(s) unless otherwise prohibited by law.
Additional Illinois Requirements: NorthShore is committed to protecting the privacy of your health information in compliance with HIPAA and other federal laws, in addition to applicable state laws. Some state laws are more restrictive than HIPAA.
Sensitive Health Information
Some health information is particularly sensitive and the law may require that we obtain your written permission or a court order in order to use or disclose certain sensitive health information. Such sensitive health information may include information about mental health and developmental disabilities, HIV/AIDS, alcohol and drug abuse treatment or dependency, genetic testing or genetic counseling, among others.
Disciplinary Proceedings and Legal Proceedings
State law may require your written permission if certain health information is needed in an investigation or disciplinary proceeding by a state oversight board such as the Illinois Department of Financial and Professional Regulation, or if a provider needs to disclose information in a legal proceeding.
Some laws require your written permission in order to disclose health information to state sponsored registries.
NorthShore’s Responsibilities: We are required by law to maintain the privacy and security of your protected health information. We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information. We must follow the duties and privacy practices described in this Notice and give you a copy of it. We will not use or share your information other than as described in this Notice unless you tell us we can in writing. If you tell us we can, you may change your mind at any time by letting us know in writing.
Changes to this Notice: We can change the terms of this Notice, and the changes will apply to all information we have about you. The new notice will be available upon request at any NorthShore treatment location and on our website.
Applicability of Notice: This Notice applies to NorthShore and all organizations that are required to have a Notice of Privacy Practices and are owned or controlled by NorthShore (collectively, referred as “NorthShore” or “we” or us”). This Notice applies to all NorthShore locations that provide medical services and all healthcare professionals who provide treatment at any NorthShore location, including physicians, nurses, residents, fellows, students and volunteers, as well as any staff and personnel who have access to patient information. Independent physicians who are on the medical staff of a NorthShore hospital are also covered by this Notice when providing care at a NorthShore hospital (although these independent physicians are not agents of NorthShore and remain responsible for the clinical services they provide at a NorthShore hospital).
Privacy Officer Contact Information: If you have any concerns or questions about NorthShore’s HIPAA compliance or this Notice, please contact NorthShore’s Compliance Department in writing at 1301 Central Street, Room 140, Evanston, IL 60201; by email to: firstname.lastname@example.org or by phone at: 847.982.4459.
The effective date of this Notice is September 29, 2020.