Notice of Privacy Practices
Effective as of September 23, 2013
Revised May 2017
This notice describes how medical information about you may be used and disclosed, and how you can get access to this information. Please review it carefully.
This notice describes the type of information we, at Jackson Health System, gather about you, who we may share your information with, how we may use your information and how we protect your information. If you have any questions about this notice, please contact our chief privacy officer at the address and telephone number listed at the end of this notice.
- Who Will Follow This Notice
- Our Pledge Regarding Medical Information
- How We May Use And Disclose Your Medical Information
- Special Circumstances
- You May Object To Certain Uses And Disclosures Of Your Medical Information
- Your Rights
- Changes To This Notice
- Other Uses of Medical Information
- Contacting Us
Who Will Follow This Notice
This notice describes Jackson Health System’s practices regarding the use of your medical information and that of:
- Any health care professional authorized to enter information into your hospital chart or medical record.
- All departments, units, clinics, doctor’s offices and other locations operated by Jackson Health System.
- Any member of a volunteer group and any individual volunteer allowed to help you while you are in the hospital or at another Jackson Health System facility.
- All employees, staff and other personnel who may need access to your information. As an academic health center, patients at Jackson Health System may receive care from health care providers who are employees, residents and/or students of an academic institution, such as the University of Miami or Florida International University. The privacy practices of these individuals are outlined in the notice of privacy practices of the universities they are affiliated with and may be different from the privacy practices that we use at Jackson Health System.
- All Jackson Health System entities, sites and locations follow the terms of this notice. In addition, these entities, sites and locations may share medical information with each other for treatment, payment or health care purposes described in this notice.
Our Pledge Regarding Medical Information
We understand that your medical information and your health are personal. Protecting your medical information is important. We create a record of the care and services you receive. We need this record to provide you with quality care and to comply with certain legal requirements. This notice protects medical information created or received by Jackson Health System that identifies you or information that could be used to identify you. The protected information is related to your health condition, the health care services you receive from us and payment information. This notice will tell you about the ways we may use and disclose your medical information. We also describe your rights and certain obligations we have regarding the use and disclosure of medical information.
We are required by law to:
- Ensure that medical information that identifies you is kept private in accordance with the law.
- Give you this notice of our legal duties and privacy practices with respect to medical information about you.
- Follow the terms of the notice that is currently in effect.
How We May Use And Disclose Your Medical Information
The following categories describe different ways that we may use and disclose medical information. Not every use or disclosure permitted in a category is listed below, but the categories provide examples of the uses and disclosures permitted by law.
For Treatment. We may use your medical information to provide you with medical treatment or services. We may disclose your medical information to doctors, nurses, technicians, training doctors and other health care professionals who are involved in your care. For example, a doctor treating you for a broken leg may need to know if you have diabetes because diabetes may slow the healing process. In addition, the doctor may need to tell the dietitian if you have diabetes so they can arrange for appropriate meals. Different health care professionals also may share your medical information in order to coordinate the different things you need, such as prescriptions, lab work and x-rays. We also may disclose medical information about you to people outside of the health system who may be involved in your medical care after you leave one of our facilities or that provide services that are part of your care.
For Payment. We may use and disclose your medical information so that the treatment and services you receive may be billed to and collected from you, an insurance company or a third party. For example, your insurance provider may need information about surgery you received so they can pay us or reimburse you for the procedure. We may also use and disclose your medical information to obtain prior approval regarding payment from your insurance provider or to determine whether your insurance provider will cover the treatment.
For Health Care Purposes. We may use and disclose your medical information for health care operations. This is necessary to make sure that all of our patients receive quality care. For example, we may use medical information to review our treatment and services, and to evaluate the performance of our staff. We may also disclose information to doctors, nurses, technicians, training doctors, medical students and other hospital personnel for review and learning purposes. We may remove information that identifies you from your medical information so others may use it to study health care and health care delivery without learning who the specific patient is.
Appointment Reminders. We may use and disclose medical information to contact you as a reminder that you have an appointment for treatment or medical care.
Treatment Alternatives. We may use and disclose medical information to tell you about or recommend possible treatment options or alternatives that may be of interest to you.
Health-Related Benefits and Services. We may use and disclose medical information to tell you about health-related benefits or services that may be of interest to you.
Business Associates. We may disclose your medical information to our business associates to carry out treatment, payment or health care operations. For example, we may disclose your medical information to a company who bills insurance companies on our behalf to enable that company to help us obtain payment for services we provide.
Research. Under certain circumstances, we may use and disclose your medical information for research purposes. Before any research takes place at the hospital, we make sure that an outside ethics committee called the IRB has approved it. In addition, there is an internal review process at the hospital that considers each study in order to protect the study patients treated here. Both the outside ethics committee and internal review process consider it very important to keep your medical information secure. Generally, we would only share your medical information when you have given us your permission to do so. You may give us permission when signing an informed consent form before taking part in a research study. In addition to describing the medical procedures that will take place, the informed consent form may also state that the hospital may use or disclose your medical information for research. You would then have the ability to confirm or deny the hospital’s use of your information. In some cases, we will share your medical information without your permission if the outside ethics committee and our internal review process confirm that the research presents very little risk to the security of your medical information. All in all, our internal review process will carefully examine any request for your medical information in the context of research and only allow for disclosure after the proper precautions are met.
As Required By Law. We will disclose medical information about you when required to do so by federal, state or local law.
To Avert a Serious Threat to Health or Safety. We may use and disclose your medical information when necessary to prevent a serious threat to your health and safety or the health and safety of another person. Any disclosure, however, would only be to a person or a required government authority able to help prevent the threat.
Fundraising Activities. We may use limited information about you in an effort to raise money for Jackson Health System and its operations. We may disclose this information to a foundation related to the health system so that the foundation may raise money for the system. We are permitted to disclose your name, contact information, and date of treatment for fundraising purposes. If you do not want Jackson Health System to share your information for fundraising or contact you, you must notify our chief privacy officer in writing at the address below at the end of this notice.
Alcohol, Drug Abuse and Psychiatric Treatment Information. This information may have special privacy protections. We will not disclose any information identifying an individual as being a patient or provide any medical information relating to the patient’s substance abuse or psychiatric treatment unless: (1) the patient, or his or her legal representative, consents in writing;(2) a court order requires disclosure of the information;(3) medical personnel need the information in a medical emergency;(4) qualified personnel use the information for the purpose of conducting scientific research, management audits, financial audits or program evaluation;(5) it is necessary to report a crime or a threat to commit a crime; or (6) to report suspected abuse or neglect as required by law.
Organ and Tissue Donation. We may disclose your medical information to organizations engaged in the procurement, banking and transplantation of organs for the purpose of organ and tissue donation and transplant. If you are an organ donor, we may release medical information to organizations that handle organ procurement and organ, eye and tissue transplantation, as well as an organ donation bank, as necessary to facilitate organ and tissue donation and transplantation.
Military and Veterans. If you are a member of the armed forces, we may release your medical information as required by military command authorities. We may also release medical information about foreign military personnel to the appropriate foreign military authority.
Workers’ Compensation. We may release your medical information for workers’ compensation and similar programs. These programs provide benefits for work-related injuries and illnesses.
Public Health Risks. We may disclose your medical information for public health activities. These activities generally include the following:
- To prevent or control disease, injury or disability.
- To report births and deaths.
- To report child abuse or neglect.
- To report reactions to medications or problems with products.
- To notify people of recalls of products they may be using.
- To notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition.
- To notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect or domestic violence.
Health Oversight Activities. We may disclose your medical information to a health oversight agency for activities authorized by law. For example, health oversight activities include audits, investigations, inspections and licensure. These activities are necessary in order for the government to monitor the health care system, government programs and compliance with civil rights laws.
Lawsuits and Disputes. We may disclose your medical information in response to a subpoena, discovery request or other lawful court order.
Law Enforcement. We may release medical information if asked to do so by a law enforcement official as part of law enforcement activities; in investigations of criminal conduct or of victims of crime; in response to court orders; in emergency circumstances; or when required to do so by law. For example, we may disclose medical information about you to comply with laws that require the reporting of certain kinds of wounds or other physical injuries.
Coroners, Medical Examiners and Funeral Directors. We may release medical information to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also release medical information about patients to funeral directors as necessary to carry out their duties.
Protective Services for the President, National Security and Intelligence Activities. We may release your medical information to authorized federal officials so they may provide protection to the president, other authorized persons or foreign heads of state; conduct special investigations; or for intelligence, counterintelligence and other national security activities authorized by law.
Emergency Circumstances and Disaster Relief. We may disclose your medical information to an entity assisting in a disaster relief effort so that your family can be notified of your location and general condition. Even if you object, we may still share your medical information, if necessary, for the emergency circumstances.
Inmates. If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release your medical information to the correctional institution or law enforcement official. This release would be necessary (1) for the institution to provide you with health care; (2) to protect your health and safety or the health and safety of others; or (3) for the safety and security of the correctional institution.
You May Object To Certain Uses And Disclosures Of Your Medical Information
Unless you object in writing, we may use or disclose your medical information in the following circumstances:
Hospital Directory. We may include certain limited information about you in the hospital directory while you are a patient at the hospital. This information may include your name, location in the hospital, your general condition (e.g., fair, stable, etc.) and your religious affiliation. The directory information, except for your religious affiliation, may also be released to people who ask for you by name. Your religious affiliation may be given to a member of the clergy, such as a priest or rabbi, even if they don’t ask for you by name. This is so your family, friends and clergy can visit you in the hospital and generally know how you are doing.
Individuals Involved in Your Care or Payment for Your Care. We may release your medical information to a friend or family member who is involved in your medical care. We may also give information to someone who helps pay for your care. We may also tell your family or friends your condition and that you are in the hospital. In addition, we may disclose your medical information to an entity assisting in a disaster relief effort or other public information provider, so that your family can be notified about your condition, status and location.
You have the following rights regarding your medical information:
Right to Inspect and Copy. You have the right to inspect and request an electronic or paper copy of medical information that may be used to make decisions about your care. Usually, this includes medical and billing records, but does not include psychotherapy notes.
To inspect and copy medical information that may be used to make decisions about you, you must submit your request in writing to our chief privacy officer at the address at the end of this notice. If you request a copy of the information, we may charge a fee for the costs of copying, mailing or other supplies associated with your request.
We may deny your request to inspect and copy in certain limited circumstances. If you are denied access to medical information, you may request that the denial be reviewed. Another licensed health care professional chosen by Jackson Health System will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review.
Right to Amend. If you feel that medical information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept.
To request an amendment, your request must be made in writing and submitted to our chief privacy officer. In addition, you must provide a reason that supports your request.
We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that:
- Was not created by us, unless the person or entity that created the information is no longer available to make the amendment.
- Is not part of the medical information kept by Jackson Health System.
- Is not part of the information that you would be permitted to inspect and copy.
- Is accurate and complete.
We will tell you in writing the reasons for the denial and describe your rights to give us a written statement disagreeing with the denial. If we accept your request to amend the information, we will make reasonable efforts to inform others of the amendment, including persons you name who have received information about you and who need the amendment.
Right to an Accounting of Disclosures. You have the right to request an “accounting of disclosures.” This is a list of disclosures we have made of your medical information. Exceptions to this list include disclosures made for your treatment, billing and collection of payment for your treatment, health care operations made to or requested by you, or that you authorized, occurring as a byproduct of permitted uses and disclosures, made to individuals involved in your care, or for other purposes described in the above subsections.
To request an accounting of disclosures, you must submit your request in writing to our chief privacy officer. You must state the time period, which may not be longer than six (6) years and may not include dates before April 13, 2003. The first accounting request within a twelve- (12) month period will be free of charge. We may charge you for the costs of providing additional accounting. We will notify you of the cost involved. You may choose to withdraw or modify your request at that time before any costs are incurred.
Right to Request Restrictions. You have the right to request a restriction or limitation on the medical information we use or disclose about you for treatment, payment or health care operations. You also have the right to request a limit on the medical information we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend.
We are not required to agree to your request. If we do agree, we will comply with your request unless the information is needed to provide you emergency treatment.
You have the right to request to restrict certain disclosures of Protected Health Information to a health plan when you pay out of pocket, in full, for the healthcare item or service. We will agree to that request unless a law requires us to share that information.
To request restrictions, you must make your request in writing to our chief privacy officer at the address at the end of this notice. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure or both; and (3) to whom you want the limits to apply.
Right to Request How We Communicate With You. You have the right to request how we communicate with you about medical matters. For example, you can ask that we only contact you at work or by mail.
To request confidential communications, you must make your request in writing to our chief privacy officer. We will not ask you the reason for the request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.
Right to Be Notified of Breach. We will notify you if we discover a breach of your unsecured protected health information.
Right to a Paper Copy of This Notice. You have the right to a paper copy of this notice at any time. Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice.
To obtain a paper copy of this notice, please request one in writing from our chief privacy officer at the address at the end of this notice.
Changes To This Notice
We reserve the right to change this notice. We reserve the right to make the updated or changed notice effective for medical information we already have about you as well as any information we receive in the future. When we change the notice, we will post an announcement that the notice has been changed and post a copy of the updated notice. This notice contains the effective date and revised date.
Other Uses of Medical Information
Other uses and disclosures of medical information not covered by this notice or the laws that apply to us will be made only with your written permission. If you provide us permission to use or disclose your medical information, you may revoke that permission, in writing, at any time. If you revoke your permission, thereafter; we will no longer use or disclose your medical information for the reasons covered by your written authorization. You understand that we are unable to take back any disclosures we have already made with your permission, and that we are required to retain our records of the care that we provided to you.
If you have any questions or wish to make a request for an amendment, please contact:
Chief Privacy Officer
1500 N.W. 12th Avenue, Suite 102
Miami, Florida 33136
If you believe your privacy rights have been violated, you may file a complaint with Jackson Health System or with the U.S. Government at: U.S. Department of Health and Human Services, Office for Civil Rights. To file a complaint with Jackson Health System, or to obtain the address and phone number of the Office for Civil Rights, please contact our chief privacy officer at the address and phone number listed below. Complaints can be submitted in writing.
Chief Privacy Officer
1500 N.W. 12th Avenue, Suite 102
Miami, Florida 33136
You may report privacy concerns anonymously by calling our toll-free, secure hotline: 1-800-684-6457.
You will not be penalized or retaliated against in any way for filing a complaint
committed to protecting your personal data. We collect, process, maintain, disclose and use personally
General Data Protection Regulations (“GDPR”) issued by the European Union (“EU”).
The EU GDP, effective May 25, 2018, provides certain protections to individuals physically residing in the EU
data when you visit our websites (jacksonhealth.org, jacksonurgentcare.com, rydertraumacenter.org, jhsmiami.org,
centuryofmiracles.org, jacksonqualitydata.org), and/or any related services, sales, marketing or events
(hereinafter referred to collectively as the “Sites”), and tell you about your privacy rights and how the law
and, while residing in the EU, submit personal data to the aforementioned Sites, submit
personal data through emails, texts and other electronic messages or submit personal data through mobile and
desktop applications downloaded from Sites.
The GDPR defines “personal data” as information that identifies you, or may be used to identify you.
The “Controller” refers to a “Data Controller” and is defined as a natural or legal person, public authority,
agency or other body which, alone or jointly with others who determines the purposes and means of the processing
of personal data.
The Data Controller for Jackson Health System is:
Chief Privacy Officer
1500 N.W. 12th Avenue, Suite 102
Miami, Florida 33136
Information Collected Through Automatic Data Collection Technologies
As you navigate through and interact with our Sites, we may use automatic data collection technologies to
collect certain information about your equipment, browsing actions, and patterns. This information may include
device and usage information, such as your IP address, internet service provider, browser and device
characteristics, operating system, language preferences, pages visited before and after using the Sites,
location information, information about how and when you use our Sites, information from cookies (if you have
consented to their use) and other technical usage information. This information is primarily needed to maintain
the security and operation of our Sites, and for our internal analytics and reporting purposes.
Information You Provided to Us
The information we collect on or through our website may include information that you provide by filling in
forms on our Sites, records and copies of correspondence or responses to surveys. Depending on your use and the
nature of the health care inquiry, we may collect the following information about you: name, date of birth,
gender, age, address, phone number, email address, job title, company name, company address, payment details
where relevant, medical history, medications, current physical or mental health, ethnicity, lifestyle and social
circumstances, generic or biometric data, and any other information that you submit to us or we obtain with your
How We Use Your Collected Information
We may use the information we collect online to:
- Fulfill your requests for services, information, and healthcare events;
- Send you information about additional clinical services or general wellness;
- Respond to any communications that you send to us;
- Analyze the use of our website and user data to understand and improve the website;
- Contact you; and
- For any other purposes disclosed to you at the time we collect your information or pursuant to your consent.
Jackson Health System does not sell or share any of your personal information with third parties for their direct marketing purposes. Please visit Jackson Health System’s Privacy Notice for complete categories regarding how we may use and disclose your medical information. We share information with third parties from the following categories:
- To our affiliates
- To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential
- To third parties, which provide professional services to us, e.g., advertising partners, marketing agencies, web hosting providers, etc.,
- Third parties, which are involved in payment processing, and
- As required by
The GDPR requires that your personal data be kept no longer than necessary. The length of time we retain any information will depend on any legal obligations (such as tax, accounting and HIPAA compliance regulations) concerning the information.
When you submit information through an online inquiry, we retain that information for a period of six years following the end of the financial year during which you submitted the inquiry. It is our legal obligation to keep these records for comply with HIPAA regulations.
When you process payments to Jackson Health System, through bill pay or for healthcare events, we retain that information for a period of six years following the end of the financial year during which you processed payment. It is our legal obligation to keep these records for tax purposes and to comply with HIPAA regulations.
The GDPR affords the right to control your personal data. Subject to certain limitations, the following rights are available to you:
- The right of access – you have the right to access your personal information (e.g., information that is about you) held by Jackson Health System. You may request a copy of this information and be informed about its use. To request access to your information, please contact our “Data Controller.”
- The right to rectification – if you think the information about you held by Jackson Health System is incorrect, you may request your information be rectified by contacting our “Data Controller.”
- The right to erasure – you have the right to request that we delete your information or restrict any processing or your information if you have concerns over its accuracy, deletion or fair and lawful use. We will delete such information unless we are required to maintain the information in accordance with applicable law. You may request to have your information erased by contacting our “Data Controller.”
- The right to restrict processing – you have the right to object to the processing of your personal information, based on your particular situation, where this processing is based on the legitimate interests of Jackson Health System, where it involves direct marketing, or where it is completed for research or statistical purposes. You may request to restrict processing by contacting our “Data Controller.”
- The right to data portability – you can obtain and reuse your personal information for your own purposes across different services by contacting our “Data Controller.”
- The right to object – you have the right to object to the processing of your personal information where our lawful basis is legitimate interest. If you would like to formally object to any of our legitimate interest processing, please contact our “Data Controller.”
You may be able to refuse or disable cookies by adjusting your web browser settings. Because each web browser is different, please consult the instructions provided by your web browser (typically in the “help” section). If you choose to refuse, disable, or delete these technologies, some of the functionality of the Sites may no longer be available to you.
The safety of your personal data is an important concern for us. We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure in accordance with HIPPA.