Patient Privacy Policies (HIPAA)
Patient Privacy Policies
I. Who We Are.
This Notice describes the privacy practices of Main Line Health (MLH) which includes Bryn Mawr, Paoli, Riddle and Bryn Mawr Rehabilitation Hospitals, Lankenau Medical Center, Mirmont Treatment Center, Main Line Health Behavioral Health Services, Main Line HealthCare, Main Line Affiliates, Main Line Health Integrative and Functional Medicine Services, and Main Line Health HomeCare & Hospice.
While treating you, our employees, volunteers, students and health care professionals affiliated with MLH follow this Notice. In addition, any person involved in your care, entities, sites and locations may share medical information about you with each other for treatment, payment or health care operations as described in this notice.
We are required by law to maintain the privacy of your health information and to provide you with this Notice.
II. Our Duties to Safeguard your Protected Health Information.
Protected Health Information (“PHI”) is any information related to your health care that is shared or maintained in any manner. It includes your insurance information as well. This Notice applies to all PHI generated by Main Line Health or any of its entities. Non-Main Line HealthCare physicians may have different policies or notices regarding the doctor’s use and disclosure of your medical information created in the doctor’s office.
This Notice will tell you about the ways in which we may use and disclose your PHI. We also describe your rights and certain obligations we have regarding the use and disclosure of your PHI.
We are required by law to:
- make sure that your PHI is kept private;
- give you this Notice of our legal duties and privacy practices related to your PHI; and,
- follow the terms of the Notice that is currently in effect.
III. How Main Line Health May Use and Disclose Medical Information About You – Treatment, Payment and Health Care Operations.
Except in an emergency or other special situations, we will ask you to sign a general consent, as required by Pennsylvania law, so that we may use and disclose your PHI for the following purposes:
Treatment. We may use and disclose PHI about you in connection with your treatment, for example to diagnose you. In addition, we may contact you to remind you about appointments, give you instructions prior to tests or surgery, or inform you about treatment alternatives or other health related benefits or services.
We may also disclose your PHI to other providers, doctors, nurses, technicians, medical students, hospital personnel or other health care facilities or entities for treatment, care coordination or quality improvement activities. We will communicate this PHI using phone, fax, two-way radio or electronic transfer.
Payment. We may use and disclose your PHI to obtain payment for services we provide to you. For example, we may contact your insurance company to pay for the services you receive, to verify that your insurer will pay for the services, to coordinate benefits, or to collect any outstanding accounts.
Health Care Operations. We may use and disclose your PHI for health care operations which include: activities related to evaluating treatment effectiveness, teaching and learning purposes, evaluating the quality of our services, investigating complaints related to service, fundraising activities and marketing activities.
Other Health Care Providers. We may also disclose your PHI to other health care providers when such PHI is required for them to treat you, receive payment for services you receive or conduct certain health care operations. For example, we will share your PHI with an ambulance company so the ambulance company can be reimbursed for transporting you to the hospital.
Health Information Exchange. A health information exchange (“HIE”) is a network that allows HIE participants to share patients’ PHI for treatment, payment and healthcare operations purposes and other lawful purposes to the extent permitted by law (“Permitted Purposes”). HIEs make it possible for us to electronically share patients’ PHI to coordinate their care, obtain billing information, and participate in quality improvement, public health and population health initiatives, among other things. Participants in the HIE may be healthcare providers, their billing companies, insurers, health plans, and accountable care organizations (“Participants”). Note that sensitive information (such as information relating to mental health, drug and alcohol treatment, HIV status and sexually transmitted diseases) may be contained in the documents accessed through the HIE.
MLH participates in various HIEs from time to time solely for the Permitted Purposes, including Health Share Exchange of Southeastern Pennsylvania (“HSX”). More information on HSX can be found on its website: hsxsepa.org.
Opting Out of HIEs. You may opt out of participating in all of the HIEs MLH participates in by contacting the MLH Privacy Office or by going to this link and completing the opt out form: mainlinehealth.org/about/policies/opt-out-of-electronic-transmittal-of-protected-health-information. You may also opt out of the HSX HIE directly on the HSX website by completing the HSX Opt Out form at: healthshareexchange.org/patient-options-opt-out-back.
IV. Other Uses and Disclosures of Your PHI for which Authorization is Not Required.
Hospital Directory. Inpatients are automatically listed in our hospital directory. The directory includes your name, room number, general health condition and religious affiliation. Unless you disagree or object, information in the directory may be disclosed to anyone who asks for you by name or to clergy members of your religious affiliation.
Disclosure to Relatives and Close Friends. We may disclose your PHI to a family member, other relative, a close personal friend or any other person if we: 1) obtain your agreement; 2) provide you with the opportunity to object to the disclosure; or, 3) we can reasonably infer that you do not object to the disclosure.
Incapacity or Emergency Circumstances. If you are not present, or the opportunity to agree or object to a use or disclosure cannot practicably be provided because of your incapacity or an emergency circumstance, we may exercise our professional judgment to determine whether a disclosure to relatives and/or close friends is in your best interest. If we disclose information to a family member, other relative or a close personal friend, we would disclose only information that is directly relevant to the person’s involvement with your health care.
Fundraising. We may contact you to request a contribution to support important activities of Main Line Health or its entities. In connection with any fundraising, we may use and disclose your demographic information as well as the dates on which you received health care services, the department where you received your services, your treating physician and outcome information related to your care. If you do not want to receive any fundraising requests, you may contact us at: mainlinehealth.org/optout or:
Main Line Health Development Office
240 N. Radnor Chester Road
Radnor, PA 19087
Public Health Activities. We may disclose your PHI for public health activities including the following:
- Reporting births or deaths
- To prevent or control disease, injury or disability
- To report child abuse or neglect
- To report reactions to medications or problems with products
- To notify individuals who may have been exposed to a disease or may be at risk for contracting a disease or condition
- Reporting PHI to your employer as required by laws addressing work-related illnesses and injuries or workplace medical surveillance
Victims of Abuse, Neglect or Domestic Violence. If we reasonably believe you are a victim of abuse, neglect or domestic violence, in accordance with current Pennsylvania law, we may disclose your PHI to a governmental authority, including a social service or protective services agency, authorized by law to receive reports of such abuse, neglect, or domestic violence.
Health Oversight Activities. We may disclose your PHI to a health oversight agency that is responsible to ensure compliance with rules of government health programs such as Medicare and Medicaid. These oversight activities include, for example, audits, investigations, inspections and licensure.
Legal Proceedings and Law Enforcement. We may disclose your PHI in response to a court order, subpoena, or other lawful process.
Deceased Persons. We may release PHI to a coroner or medical examiner authorized by law to receive such information.
Organ and Tissue Donation. We may disclose your PHI to organizations that obtain organs or tissues for banking and/or transplantation.
Public Safety. We may use or disclose your PHI to prevent or lessen a serious or imminent threat to the safety of a person or the public.
Research. Usually, we will ask for your permission or authorization before using your PHI for research purposes. However, we may use and disclose your PHI without your authorization if Main Line Hospital’s or another qualified Institutional Review Board (IRB) has waived the authorization requirement. An IRB is a committee that oversees and approves research involving human subjects.
Disaster Relief Efforts. We may disclose your PHI to an entity assisting in a disaster relief effort so that your family can be notified about your condition, status and location.
Military, National Defense and Security. We may release your PHI if required for military, national defense and security and other special government functions.
Workers’ Compensation. We may release your PHI for workers’ compensation or similar programs. These programs provide benefits for work-related injuries or illnesses.
Communications from Us. We may use or disclose your PHI to identify health-related services and products that may be beneficial to your health, such as notification of a new physician and/or additional products and services, and then contact you about those products and services. If you do not wish to receive information of this type, please contact us at mainlinehealth.org/optout or:
Main Line Health Marketing Office
240 N. Radnor Chester Road
Radnor, PA 19087
As Required by Law. We may use and disclose your PHI when required to do so by any other laws not already referenced above.
V. Uses and Disclosures Requiring Your Specific Authorization.
Highly Confidential Information. Federal and State laws require special privacy protections for certain highly confidential information about you. This includes PHI that is:
1) maintained in psychotherapy notes; 2) documentation related to mental health or developmental disabilities services; 3) drug and alcohol abuse, prevention, treatment and referral information; and, 4) information related to HIV status, testing and treatment as well as any information related to the treatment or diagnosis of sexually transmitted diseases. Generally, we must obtain your authorization to release this type of PHI. However, there are limited circumstances under the law when this type of PHI may be released without your consent. For example, certain sexually transmitted diseases must be reported to the Department of Health.
Other Uses or Disclosures Not Described in this Notice. Other uses and disclosures of PHI not covered by this Notice or permitted under the laws that apply to us will be made only with your written permission. Except as permitted under this Notice or as permitted by law, we will seek your written permission prior to using or sharing your information for marketing purposes or selling your information. If you provide us permission to use or disclose your PHI, you may revoke that permission, in writing, at any time. If you revoke your permission, we will no longer use or disclose your PHI for the reasons covered by your written authorization. You understand that we are unable to take back any disclosures we have already made with your permission, and that we are required to retain a record of the care that we provided to you.
VI. Your Rights Regarding Medical Information About You.
You have the following rights regarding PHI we maintain about you:
Right to Obtain. You have the right to request your PHI, excluding psychotherapy notes, in a hard-copy or electronic format, if we maintain the PHI in an electronic format. You may be charged a fee for the costs of copying, mailing or other supplies associated with your request. Instructions on how to request your PHI are at: mainlinehealth.org/patient-services/medical-records.
Right to Inspect and Copy. You have the right to inspect and copy PHI that may be used to make decisions about your care, excluding psychotherapy notes. Instructions on how to request your PHI are at: mainlinehealth.org/patient-services/medical-records.
We may deny your request to inspect and copy in certain very limited circumstances. You may request a professional review of the denial. If you request a review, then we will designate another MLH licensed health care professional to review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review.
Right to Amend. You have the right to request that we amend the PHI we keep about you in your medical and billing records. Instructions on how to request an amendment to your PHI are at: mainlinehealth.org/patient-services/medical-records.
We will ask your provider(s) to review amendment requests to the medical record. We may deny your request if we believe the information you wish to amend is accurate, current and complete without your requested amendment, or the PHI was not created by Main Line Health, or other special circumstances apply.
Right to an Accounting of Disclosures. You have the right to request a record of all disclosures of your PHI. We are not required to give you an accounting of information we have used or disclosed for treatment, payment or health care operations or information you authorized us to disclose.
To request this list or accounting of disclosures, you must submit your request in writing to:
Privacy Officer, Main Line Health
Main Line Health Compliance Department
3803 West Chester Pike, Suite 250
Newtown Square, PA 19073
Your request may cover any disclosures made in the six years prior to the date of your request.
Right to Request Restrictions. You have the right to request a restriction or limitation on the PHI we use or disclose about you for treatment, payment or health care operations. We are not required to agree to your request. If we agree to a restriction, we will abide by restrictions unless a disclosure is needed to provide you emergency treatment. If you request we not share your PHI with your medical insurer or other third party payer, we will honor your request provided you pay in full for the health care item or service.
To request restrictions, you must make your request in writing to the appropriate Main Line Health office or department. In your request, you must tell us: (1) what information you want to limit; (2) whether you want to limit our use, disclosure or both; and, (3) to whom you want the limits to apply, for example, disclosures to your spouse.
Right to Request Confidential Communications. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location.
To request confidential communications, you must make your request in writing to the appropriate Main Line Health office or department. We will accommodate reasonable requests. Your request must specify how or where you wish to be contacted.
Right to Revoke Your Authorization. You may revoke your authorization for us to use and disclose your PHI at any time by submitting a request in writing to the appropriate office or department.
VII. Links and Interfaces to Third-Party Products and Services
For convenience, we offer some digital services including MyChart patient portal and application programming interfaces (“Digital Services”). Some Digital Services can connect parts of your MLH electronic health record (“EMR”) to some third-party mobile applications, websites, and online products and services (“Non-MLH Services”). If you connect to Non-MLH Services, those services can access and receive information from your EMR. We do not own or control the Non-MLH Services. Their access to your information is outside our Digital Services, even if you connect to them with your patient portal credentials.
Because we do not own or control the Non-MLH Services or the companies that operate them including any that are co-branded (defined below) with us (“Non-MLH Services and Companies”), we do not control and are not liable for (i) their content, products or services; (ii) your use of them; (iii) anything they do or do not do, and your use of them is at your sole risk. We make NO representation, warranty or guaranty about the security and privacy of any data or information that you give to the Non-MLH Services and Companies or allow them to access, including your personal and electronic health record information. We have no obligation to update your information in Non-MLH Services unless you make a specific request.
The Non-MLH Services and Companies are not covered by this Notice of Privacy Practices or any other MLH policies. We have no control, responsibility or liability for any policies or practices of the Non-MLH Services and Companies. The provisions of this paragraph apply even if the Non-MLH Services and Companies help you manage your health or take and fulfill orders for products or services purchased from us or are co-branded with us, or both. Co-branded means that a product or service or content has both the name(s) of the Non-MLH Services and Companies and our name and logo.
If our Digital Services contain advertisements, still we make NO representation, warranty or guaranty about the advertised products, content and services and we have no responsibility or liability for any of them.
You are not required to connect to any Non-MLH Services and Companies, even if co-branded or advertised. Before you decide to connect to Non-MLH Services and Companies, review their privacy policies, terms and conditions of use and anything else you think is important to ensure you are satisfied with them and their protection of the privacy and security of your personal and medical information.
VIII. Changes to This Notice.
We reserve the right to change this Notice. Revised Notices will be posted in appropriate locations and on-line at mainlinehealth.org/. We reserve the right to make the revised or changed Notice effective for medical information we already have about you as well as any information we receive in the future. A copy of the current Notice is available upon request.
If you believe your privacy rights have been violated, you may file a complaint, in writing, with the Main Line Health Privacy Officer at:
Privacy Officer, Main Line Health
Main Line Health Compliance Department
3803 West Chester Pike, Suite 250
Newtown Square, PA 19073
You may also wish to file a complaint with the Office for Civil Rights of the U. S. Department of Health and Human Services. The Privacy Officer can supply the correct address for the Office for Civil Rights.
We will not penalize you if you file a complaint.
X. Breach Notification.
We will notify you in the event of a breach (as defined by HIPAA) of your PHI.
This Notice is effective: April 14, 2003
Updated: 5/11, 7/13, 7/14, 10/16, 12/16, 10/17, 1/18, 10/18, 4/21, 6/22
NOTICE OF NONDISCRIMINATION
Discrimination is Against the Law
Main Line Health complies with applicable Federal civil rights laws and does not discriminate or exclude people on the basis of race, religion, color, national origin, ancestry, age, disability, sex, parental status, political affiliation, military service or relationship status.
Main Line Health:
- Provides free aids and services to people with disabilities to communicate effectively with us, such as qualified sign language interpreters;
Provides free language services to people whose primary language is not English, such as qualified interpreters and information written in other languages.
If you need these services, contact Main Line Health Patient Advocacy at 484-337-2662.
If you believe that Main Line Health has failed to provide these services or discriminated in another way on the basis of race, color, national origin, age, disability or sex, you can file a grievance with:
Main Line Health
130 S. Bryn Mawr Avenue
Bryn Mawr, PA 19010
Phone: 484.337.2662 Fax: 484.337.2013
Email: [email protected]
If you need help filing a grievance, Main Line Health Patient Advocacy is available to help you. You can also file a civil rights complaint with the U.S. Department of Health and Human Services, Office for Civil Rights electronically through the Office for Civil Rights Complaint Portal, available at ocrportal.hhs.gov/ocr/portal/lobby.jsf, or by mail or phone at:
U.S. Department of Health and Human Services;
200 Independence Avenue, SW
Room 509F, HHH Building; Washington, DC 20201
1.800.368.1019 1.800.537.7697 (TDD)
Complaint forms are available at: hhs.gov/ocr/office/file/index.html
ATTENTION: If you speak a language other than English, language assistance services, free of charge, are available to you. Call: 1-484-337-2662 (TTY: 1-800-654-5984 or 7-1-1).
ATENCIÓN: si habla español, tiene a su disposición servicios gratuitos de asistencia lingüística. Llame al 1-484-337-2662 (TTY: 1-844-308-9291 ó 7-1-1).
注意： 如果您使用繁體中文，您可以免費獲得語言援助服務。請致電 1-484-337-2662 (TTY: 1-800-654-5984， 7-1-1) 。
CHÚ Ý: Nêu bạn nói Tiêng Viêt, có các dịch vụ hõ trợ ngôn ngũ miên phí dành cho bạn. Gọi sĉ 1-484-337-2662 (TTY: 1-800-654-5984 hoăc là 7-1-1).
ВНИМАНИЕ: Если вы говорите на русском языке, то вам доступны бесплатные услуги перевода. Звоните 1-484-337-2662 (телетайп: 1-800-654-5984 или же 7-1-1).
Wann du [Deitsch (Pennsylvania German / Dutch)] schwetzscht, kannscht du mitaus Koschte ebber gricke, ass dihr helft mit die englisch Schprooch. Ruf selli Nummer uff: Call 1-484-337-2662 (TTY: 1-800-654-5984 adder 7-1-1).
주의: 한국어를 사용하시는 경우, 언어 지원 서비스를 무료로 이용하실 수 있습니다. 1-484-337-2662 (TTY: 1-800-654-5984 or 7-1-1)번으로 전화해 주십시오.
ATTENZIONE: In caso la lingua parlata sia l'italiano, sono disponibili servizi di assistenza linguistica gratuiti. Chiamare il numero 1-484-337-2662 (TTY: 1-800-654-5984 o 7-1-1)
ATTENTION: Si vous parlez français, des services d'aide linguistique vous sont proposés gratuitement. Appelez le 1-484-337-2662 (ATS: 1-800-654-5984 ou 7-1-1)
ACHTUNG: Wenn Sie Deutsch sprechen, stehen Ihnen kostenlos sprachliche Hilfsdienstleistungen zur Verfügung. Rufnummer: 1-484-337-2662 (TTY: 1-800-654-5984 oder 7-1-1).
સુચના:ملحوظة: إذا كنت تتحدث اذكر اللغة، فإن خدمات المساعدة اللغوية تتوافر لك بالمجان. اتصل برقم 1-484-337-2662 (رقم هاتف الصم
والبكم: 1-1-7 أو 1-800-654-5984).
UWAGA: Jeżeli mówisz po polsku, możesz skorzystać z bezpłatnej pomocy językowej. Zadzwoń pod numer 1-484-337-2662 (TTY: 1-800-654-5984 albo 7-1-1).
ATANSYON: Si w pale Kreyòl Ayisyen, gen sèvis èd pou lang ki disponib gratis pou ou. Rele 1-484-337-2662 (TTY: 1-800-654-5984 oubyen 7-1-1).
ប្រយ័ត្ន៖ បើសិនជាអ្នកនិយាយ ភាសាខ្មែរ, សេវាជំនួយផ្នែកភាសា ដោយមិនគិតឈ្នួល គឺអាចមានសំរាប់បំរើអ្នក។ ចូរ ទូរស័ព្ទ 1-484-337-2662 (TTY: 1-800-654-5984 ឬ 7-1-1)។
ATENÇÃO: Se fala português, encontram-se disponíveis serviços linguísticos, grátis. Ligue para 1-484-337-2662 (TTY: 1-800-654-5984 ou 7-1-1).