Effective date: September 1, 2016 Organ, eye and tissue donation: If you are an organ donor, we may release your protected health information to organizations that obtain organs or handle How to file a privacy complaint: If you believe that your privacy rights have not been followed as directed by federal regulations and state law or as explained in this Northwell Health organ, eye or tissue transplantation. We also may release your information to an organ donation bank as necessary to facilitate organ, eye or tissue donation and transplantation. Notice, you may contact us by telephone, submit a written complaint through our web-based reporting, or file a written complaint with us at the address below: Corporate Compliance Privacy Officer Notice of Privacy Practices Inmates: If you are an inmate of a correctional institution or in the custody of a law enforcement official, we may disclose your protected health information to the correctional institution or law officer as authorized or required by law. This includes sharing information that is necessary to protect the health and safety of other inmates or persons involved in supervising or transporting inmates. 1111 Marcus Avenue, Suite 107, New Hyde Park, NY 11042 Compliance Helpline: (800) 894-3226 Web-based reporting: Northwell.ethicspoint.com You will not be retaliated against or denied any health services if you file a complaint: If you are not satisfied with our response to your privacy complaint or you This notice describes how your protected health information may be used and disclosed and how you can get access to this information. Please review it carefully. What is the notice of privacy practices? The Notice explains how we fulfill our commitment to respect the privacy and confidentiality of your protected health information. This Notice explains how we may use and share your protected health information, as well as the legal obligations we have regarding your protected health information, and about your rights under federal and state laws. The Notice applies to all records held by the Northwell Health facilities and programs listed at the end of this Notice, regardless of whether the record is written, computerized or in any other form. We are required by law to make sure that information that identifies you is kept private and to make this Notice available to you. In this Notice, the term Òprotected health informationÓ refers to individually identifiable information about you, which may include: Ð Information about your health condition (such as medical conditions and test results you may have) Ð Information about healthcare services you have received or may receive in the future (such as a surgical procedure) Ð Information about your healthcare benefits under an insurance plan (such as whether a prescription is covered) Ð Geographic information (such as where you live or work) Ð Demographic information (such as your race, gender, ethnicity or marital status) Ð Unique numbers that may identify you (such as your Social Security number, your phone number or your driverÕs license) Ð Biometric identifiers (such as fingerprints) Ð Full-face photographs Who follows the Northwell Health Notice of Privacy Practices This Notice describes the practices of Northwell Health (collectively referred to as ÒweÓ or ÒusÓ). The privacy practices described in this Notice will be followed by all healthcare professionals, employees, medical staff, trainees, students, volunteers and business associates of the Northwell Health organizations specified at the end of this Notice. Overview The following is a summary of the key provisions in our Notice. This summary is not a complete listing of how we use and disclose your protected health information. If you have any questions about any of the information contained in this summary, please read this full Notice of Privacy Practices or contact a Northwell Health staff member for more information. Northwell Health may use and disclose your protected health information without your consent to: Ð Provide you with medical treatment and other services Ð Carry out certain operations necessary to the operation of our facilities and programs, such as quality improvement studies, medical education and verifying the qualifications of doctors Ð Coordinate your care, which may include such things as giving you appointment reminders and telling you about other treatment options available through Northwell Health Ð Talk to family or friends involved in your care, unless otherwise indicated by you Ð Ensure that we follow the rules of regulatory agencies regarding the quality of care we provide Ð Comply with all legal requirements, subpoenas and court orders Ð Engage in certain preapproved research activities Ð Request payment from you, your insurance company or some other third-party payer Ð Include information in our hospital directory, such as name and room number, for the benefit of visitors or members of the clergy Ð Contact you for fundraising activities unless otherwise indicated by you Ð Meet special situations as described in this Notice, such as public health and safety You have a right to: Ð See and obtain a copy of your medical record in the format of your choosing, with certain restrictions Ð Ask us to amend the protected health information we have about you if you feel the information we have is wrong or incomplete Ð Ask us to restrict or limit the protected health information we use and share about you Ð Ask us to communicate with you about medical matters in a certain way or at a specific location Ð Obtain a list of individuals or entities that have received your protected health information from Northwell Health, subject to limits permitted by law Ð Be notified if your protected health information is improperly disclosed or accessed Ð Obtain a paper copy of this Notice Ð Submit a complaint How we may use and share your protected health information with others The following categories describe different ways that we may use and disclose your protected health information. Not every use or disclosure will be listed; however, all the ways we are permitted to use and disclose your information will fall within at least one of the following categories: For treatment: We may use or disclose protected health information about you to provide, coordinate or manage your medical treatment or services. We may disclose protected health information about you to doctors, nurses, technicians, students or other Northwell Health personnel involved in taking care of you. For example, a doctor treating you for a broken leg may need to know if you have diabetes because diabetes may slow the healing process. In addition, the doctor may need to tell the hospitalÕs food service if you have diabetes so that we can arrange for appropriate meals. We may share protected health information about you with non-Northwell Health health providers, agencies or facilities in order to provide or coordinate the different things you need, such as prescriptions, lab work and X-rays. We also may disclose your protected health information to people outside Northwell Health who may be involved in your continuing medical treatment after you leave our care, such as other healthcare providers, home health agencies and transport companies. For payment: In order to receive payment for the services we provide to you, we may use and share your protected health information with your insurance company or a third party, such as Medicare and Medicaid. We may also share your protected health information with another doctor, facility or service provider, such as an ambulance company or subcontractor within our facilities that has treated you or has provided services to you, so that they can bill you, your insurance company or a third party. For example, in order for your insurance company to pay for your health-related services at Northwell Health, we must submit a bill that identifies you, your diagnosis and the treatment we provided. We may also tell your health plan about a proposed treatment to determine whether your plan will cover the treatment. In addition, insurance companies and other third parties may require that we provide your Social Security number for verification and payment purposes. For healthcare operations: We may use your protected health information to support our business activities and improve the quality of care. For example, we may use your protected health information to review the treatment and services that we gave you and to see how well our staff cared for you. We may share your information with our students, trainees and staff for review and learning purposes. Your protected health information may also be used or disclosed for accreditation purposes, to handle patientsÕ grievances or lawsuits and for health care contracting relating to our operations. Appointment reminders: We may use and share your protected health information to remind you of your appointment for treatment or medical care. For example, if your doctor has sent you for a test, the testing site may call you to remind you of the date you are scheduled. Hospital directory: If you are admitted to the hospital, your name, room location, general condition (such as fair or stable) and religious affiliation may be listed in the hospitalÕs patient directory. This is so your family, friends and clergy can visit you in the hospital and generally know how you are doing. Unless you object, we will include this limited information about you in the directory while you are a patient. Your room location and general condition will be released to people who ask for you by name. Your religious affiliation will be given only to a member of the clergy, such as a priest, minister or rabbi, even if they do not ask for you by name. If you object to being included in the hospital directory, we will not disclose your information to anyone who asks for you unless required by law. If you do not want your information listed in the hospital directory, you must notify personnel during registration or tell your caregivers after you have been admitted to the hospital. Business associates: We may share your protected health information with a business associate that we hire to help us, such as a billing or computer company or transcription service. Business associates will have assured us in writing that they will safeguard your protected health information as required by law. Treatment options and other health-related benefits and services: We may use your information to contact you about treatment options and other health-related benefits and services provided by Northwell Health that may be of interest to you. This may include information about our staff or about health-related products and services offered by Northwell Health that may be beneficial for you. However, we will not use your information to engage in marketing activities (other than face-to-face communications) without your written authorization. We also will never sell your protected health information to third parties without your written authorization to do so. However, we may receive payment to disclose your protected health information for certain limited purposes permitted by law. Fundraising activities: We may contact you to provide information about Northwell Health sponsored activities, including fundraising programs and events. We may use your protected health information, such as the department where you were seen or the name of the physician you saw, in order to contact you to ask you to make a charitable contribution to support research, teaching or patient care at Northwell Health related to your specific treatment. If you do not want to be contacted about our fundraising opportunities and events, you can let us know at any time by calling (855) 621-2844 and we will no longer reach out to you. Please give your name and address so that we may suppress your name from all future fundraising. Individuals involved in your care or payment for your care: Unless you decline, we may release protected health information to people such as family members, relatives or close personal friends who are helping to care for you or pay your medical bills. Additionally, we may disclose information to a patient representative. If a person has the authority under the law to make health care decisions for you, we will treat that patient representative the same way we would treat you with respect to your protected health information. Parents and legal guardians are generally patient representatives for minors unless the minors are permitted by law to act on their own behalf and make their own medical decisions in certain circumstances. If you do not want protected health information about you released to those involved in your care, please notify us. Disaster relief efforts: We may disclose your protected health information to an organization such as the American Red Cross so that your family can be notified about your condition, status and location in the event of a disaster. If we can reasonably do so while trying to respond to the emergency, we will try to obtain your permission to share this information first. Research: Northwell Health conducts research to advance science both to prevent disease and to cure patients. All research projects conducted by Northwell Health must be approved through a special review process to protect patient safety, welfare and confidentiality. Your protected health information may be important to research efforts and may be used for research purposes in accordance with state and federal law. Researchers may contact you regarding your interest in participating in certain research studies after receiving your authorization or approval of the contact from a special review board called an Institutional Review Board (IRB). An IRB is a special committee that protects the rights and welfare of people who participate in research studies. Enrollment in most studies may occur only after you have been informed about the study, had an opportunity to ask questions and indicated your willingness to participate by signing an authorization or consent form that has been reviewed and approved by an IRB. In some instances, federal law allows us to use your protected health information for research without your authorization, provided we get approval from an IRB or other special review board. These studies will not affect your treatment or welfare, and your private health information will continue to be protected. For example, a research study may involve a chart review to compare the outcomes of patients who received different types of treatment. Federal law also allows researchers to look at your protected health information when preparing future research studies, so long as any information identifying you does not leave a Northwell Health facility. If you have any questions about how your medical record information could be used in a research protocol, please call the Northwell Health Office for Human Research Protections at (516) 719-3101. As required by law: We will share your protected health information when federal, state or local law requires us to do so. Special situations Legal proceedings, lawsuits and other legal actions: We may share your protected health information with courts, attorneys and court employees when we get a court order, subpoena, discovery request, warrant, summons or other lawful instructions from those courts or public bodies, and in the course of certain other lawful, judicial or administrative proceedings, or to defend ourselves against a lawsuit brought against us. Law enforcement: If asked to do so by law enforcement, and as authorized or required by law, we may release protected health information: Ð To identify or locate a suspect, fugitive, material witness or missing person Ð About a suspected victim of a crime if, under certain limited circumstances, we are unable to obtain the personÕs agreement Ð About a death suspected to be the result of criminal conduct Ð About criminal conduct at Northwell Health To avert a serious threat to health or safety: We may use and disclose your protected health information when necessary to prevent or lessen a serious threat to your health and safety or the health and safety of the public or another person. Any disclosure would be to help stop or reduce the threat. Public health risks: As required by law, we may disclose your protected health information to public health authorities for purposes related to: preventing or controlling disease, injuries or disability; reporting vital events, such as births and deaths; reporting child abuse or neglect; reporting domestic violence; reporting reactions to medications or problems with products; notifying people of recalls, repairs or replacements of products they may be using; notifying a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease and reporting to your employer findings concerning work-related illness or injury so that your workplace may be monitored for safety. WorkersÕ compensation: We may share your protected health information for workersÕ compensation or similar programs that provide benefits for work-related injuries or illness. Specialized government functions: If you are a member of the armed forces (of either the United States or of a foreign government), we may share your protected health information with military authorities so they may carry out their duties under the law. We may also disclose your protected health information if it relates to national security and intelligence activities, or to providing protective services for the President or for other important officials, such as foreign heads of state. Health oversight activities: We may disclose your protected health information to local, state or federal governmental authorities responsible for the oversight of medical matters as authorized by law. This includes licensing, auditing and accrediting agencies and agencies that administer public health programs such as Medicare and Medicaid. Coroners, medical examiners and funeral directors: We may release your protected health information to a coroner or medical examiner as necessary to identify a deceased person or to determine the cause of death. We also may release protected health information to funeral directors so they can carry out their duties. Incidental disclosures: While we will take reasonable steps to safeguard the privacy of your protected health information, certain disclosures of your information may occur during or as an unavoidable result of our otherwise permissible uses or disclosures of your information. For example, during the course of a treatment session, other patients in the treatment area may see or overhear discussion of your information. These Òincidental disclosuresÓ are permissible. Uses and disclosures requiring your written authorization Uses and disclosures not covered in this Notice: Other uses and disclosures of your protected health information not described above in this Notice or permitted by law will be made only with your written authorization. In addition, we will obtain your authorization for most uses and disclosures of psychotherapy notes. When consent for disclosure is required by law, your consent will be obtained prior to such disclosure. If you give us authorization to use or share protected health information about you, you may revoke that authorization in writing at any time. Please understand that we are unable to retract any disclosures already made with your authorization. Stricter state laws: New York has adopted medical privacy laws that are stricter than federal law. For example, New York prohibits the disclosure of HIV-related information and the records of licensed mental health facilities for certain purposes that are permitted by HIPAA. We will follow these stricter state laws, and we will not disclose your protected health information for any purpose prohibited by these laws without your consent. Your rights concerning your protected health information Right to ask to see and obtain a copy: You have the right to ask to see and obtain a copy of the protected health information we used to make decisions about your care. This includes medical records (including laboratory testing results) and billing records, but does not include psychotherapy notes. If the record is maintained electronically by Northwell Health, you have the right to obtain an electronic copy of the record. Your request must be in writing and must be given to the Health Information Management Correspondence Unit. If you are requesting laboratory testing results directly from your laboratory, your request must be in writing and must be given to the laboratory. We may charge you a reasonable fee for the costs of copying, mailing or other expenses associated with complying with your request. We may deny access under certain limited circumstances. If we deny your request, we may provide you a written summary of your record or we may provide you with limited portions of your record. If we deny your request, in part or in its entirety, you may request that the denial be reviewed. A description of the process to have a denial reviewed, as well as information on how to file a complaint with the Secretary of the U.S. Department of Health and Human Services, will be included in the correspondence informing you of our decision to deny your request. Right to ask for an amendment or addendum: If you feel that the protected health information that we have about you is incorrect or incomplete, you may ask us to amend the information. You have a right to request an amendment as long as the information is kept by or for Northwell Health. You are required to submit this request in writing by completing a Request for Amendment to Health Information form. We may deny your request if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that: Ð Was not created by us, unless the person or entity that created the information is no longer available to make the amendment Ð Is not part of the protected health information kept by or for Northwell Health Ð Is not part of the information you would be permitted to see and copy Ð Is determined by us to be accurate and complete If we deny your request, we will give you a written explanation of why we did not make the amendment. You will have the opportunity to have certain information related to your request included in your medical records, such as your disagreement with our decision. We will also provide you with information on how to file a complaint with Northwell Health or with the U.S. Department of Health and Human Services. Right to ask for an accounting of disclosures: You have the right to ask us for a listing of those individuals or entities who have received your protected health information from Northwell Health in the six years prior to your request. This listing will not cover disclosures made: Ð To you or your personal representative Ð To provide or arrange for your care Ð To carry out treatment, payment or healthcare operations Ð Incident to a permitted use or disclosure Ð To parties you authorize to receive your protected health information Ð To those who request your information through the hospital directory Ð To your family members, relatives or friends who are involved in your care Ð For national security or intelligence services Ð To correctional institutions or law enforcement officials Ð As part of a limited data set for research purposes You must submit your request in writing to the Office of Corporate Compliance at 1111 Marcus Avenue, Suite 107, New Hyde Park, NY 11042. Your request must state the time period for the requested disclosures. The first list requested within a 12-month period will be free. We may charge you for responding to any additional requests in that same period. Right to request restrictions: You have the right to ask us to restrict or limit the protected health information we use or disclose about you for treatment, payment or healthcare operations. In most cases, we must consider your request, but we are not required to agree to it. However, we must agree to limit disclosures made to your health insurer or other third-party payer about services we provided to you if, prior to receiving the medical services, you pay for the services in full, unless the disclosure of that information is required by law. If multiple medical services are provided to you at one time by Northwell Health, you will have to pay for all of the services in order to restrict the disclosure of any one of them to your health insurance. If you require follow-up care related to the undisclosed service and you decide you do not want to pay for that follow-up care at the time it is provided to you, it may be necessary for us to tell your health insurer about the previously undisclosed service. This will be done only to the extent necessary to receive payment for subsequent medical treatment. To restrict information provided to your health insurer or to another third-party payer, you must notify a Northwell Health staff member at the time of registration and fill out a form indicating this preference. You also have the right to request a limit on the protected health information we disclose about you to someone who is involved in your care or the payment of your care, such as a family member or a friend. For example, you could ask that we not disclose information to a family member about a surgery you had. Your request for any restriction must be made in writing and given to the Office of Corporate Compliance at 1111 Marcus Avenue, Suite 107, New Hyde Park, NY 11042. Right to request confidential communications: You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we contact you only at home or only by mail. If you want us to communicate with you in a special way, you will need to give us details about how to contact you, including a valid alternate address. You will also need to give us information about where your bills may be sent. Your request must be made in writing by filling out a Northwell Health form requesting confidential communications. As indicated on the form, this request must be sent to the Office of Corporate Compliance at 1111 Marcus Avenue, Suite 107, New Hyde Park, NY 11042. You do not need to provide a reason for your request. We will comply with all reasonable requests. However, if we are unable to contact you using the requested means or locations, we may contact you using whatever information we have. Right to receive notice of a breach: You have a right to be notified in the event of a breach of the privacy of your unsecured protected health information by Northwell Health or its business associates. You will be notified as soon as reasonably possible, but no later than 60 days following our discovery of the breach. The notice will provide you with the date we discovered the breach, a brief description of the type of information that was involved and the steps we are taking to investigate and mitigate the situation, as well as contact information for you to ask questions and obtain additional information. Right to a paper copy of this Notice: Upon request, you may at any time obtain a paper copy of this Notice, even if you previously agreed to receive this Notice electronically. To request a copy, please contact the Office of Corporate Compliance at (800) 894-3226 or ask the registrar/receptionist for one at the time of your next visit. otherwise wish to file a complaint, you may also file a complaint with the Secretary of the U.S. Department of Health and Human Services. The complaint must be in writing, it must describe the subject matter of the complaint and the individuals or organization that you believe violated your privacy and it must be filed within 180 days of when you knew or should have known that the violation occurred. The complaint should then be sent to: Region II: New York Att: Regional Manager Office for Civil Rights U.S. Department of Health and Human Services Jacob Javits Federal Building 26 Federal Plaza, Suite 3312 New York, NY 10278 Phone: (800) 368-1019 | Fax: (202) 619-3818 | TDD: (800) 537-7697 Future changes to Northwell HealthÕs privacy practices and this Notice We reserve the right to change this Notice and the privacy practices of the organizations covered by this Notice without first notifying you. We reserve the right to make the revised or changed Notice effective for protected health information we already have about you as well as any information we receive in the future. To request a copy of the most recent Notice, please contact Northwell HealthÕs Office of Corporate Compliance at (800) 894-3226 or ask the registrar/receptionist for one at the time of your next visit. The current Notice will also be posted to the Northwell Health website, Northwell.edu. At any time, you may request a copy of the Notice currently in effect. All Northwell Health facilities that provide care to the public will follow this Notice. These facilities include, but are not limited to: Broadlawn Manor Nursing & Rehab Center1 Brooklyn Ambulatory Care, P.C. Carnegie Cardiovascular, P.C. Central Suffolk Hospital (d/b/a Peconic Bay Medical Center) Chaps Community Health Center Inc. CLNY Alliance, Inc. Community Drive Medicine, P.C. Comprehensive Care ASC, LLC Endo Group, LLC Endoscopy Center of Long Island, LLC Glen Cove Hospital Harbor View Medical Services, P.C. Hospice Care in Westchester and Putnam, Inc. Hospice Care Network Huntington Hospital Association Huntington Hospital Dolan Family Health Center, Inc. Island Diagnostic Laboratories, Inc. John T. Mather Memorial Hospital Lakeville Surgery, P.C. Lenox Health Greenwich Village2 Lenox Hill Cardiology Associates, P.C. Lenox Hill Hospital Lenox Hill Hospital Medical, P.C. Lenox Hill Interventional Cardiac & Vascular Services, P.C. Lenox Hill Pathology, P.C. Lenox Otolaryngology, Head & Neck Surgery, P.C. Long Island Behavioral Health Management LLC Long Island Jewish Forest Hills3 Long Island Jewish Medical Center Long Island Jewish Valley Stream3 Long Island Jewish Medical Center at Home Pharmacy, Inc. Manhattan Eye, Ear & Throat Hospital (MEETH)2 Manhattan Minimally Invasive and Bariatric Surgery, P.C. Marcus Avenue Medical, P.C. Marcus Emergency Medicine, P.C. North Shore Cardiovascular & Thoracic Surgery, P.C. North Shore Medical Accelerator, P.C. North Shore Radiology at Glen Cove, P.C. North Shore University Hospital North Shore-LIJ and Yale New Haven Health Medical Air Transport, LLC North Shore-LIJ Anesthesiology, P.C. North Shore-LIJ Cardiology at Deer Park, P.C. North Shore-LIJ Cardiovascular Medicine, P.C. North Shore-LIJ Health Plan, Inc. North Shore-LIJ Heart Surgery, P.C. North Shore-LIJ Internal Medicine at Lynbrook, P.C. North Shore-LIJ Internal Medicine at New Hyde Park, P.C. North Shore-LIJ Internal Medicine, P.C. North Shore-LIJ Maternal Fetal Medicine, P.C. North Shore-LIJ Medical Group at Huntington, P.C. North Shore-LIJ Medical Group at North Nassau, P.C. North Shore-LIJ Medical Group at Syosset, P.C. North Shore-LIJ Medical Group Urgent Medical Care, P.C. North Shore-LIJ Medical Group, P.C. North Shore-LIJ Medical, P.C. North Shore-LIJ OB-GYN at Garden City, P.C. North Shore-LIJ Ob-Gyn at New Hyde Park, P.C. North Shore-LIJ Ob-Gyn, P.C. North Shore-LIJ Occupational Medicine, P.C. North Shore-LIJ Orzac Center for Rehabilitation3 North Shore-LIJ Pediatrics of Suffolk County, P.C. North Shore-LIJ Physicians Group, P.C. North Shore-LIJ Radiology Services, P.C. North Shore-LIJ Urgent Care, P.C. Northern Westchester ASC, LLC Northern Westchester Hospital Association (d/b/a Northern Westchester Hospital) Northern Westchester Surgical Services, P.C. Northwell Health Laboratories, Inc. Northwell Health Stern Family Center for Rehabilitation Northwell Healthcare, Inc. Northwell Proton Therapy, P.C. NW Medical, P.C. Park Lenox Emergency Medicine, P.C. Park Lenox Medical, P.C. Park Lenox OB/GYN, P.C. Park Lenox Orthopaedics, P.C. Park Lenox Pediatric, P.C. Park Lenox Surgical, P.C. Peconic Bay Primary Medical Care, P.C. Phelps Medical Services, P.C. Phelps Memorial Hospital Association (d/b/a Phelps Hospital) Physicians of University Hospital, P.C. Plainview Hospital Prime Care Medical of Long Island, P.C. RegionCare, Inc. South Oaks Hospital1 South Shore Surgery Center, LLC Southside Hospital Sports Physical Medicine and Rehabilitation Services of the North Shore Long Island Jewish Health System, P.C. Sports Physical Therapy, Occupational Therapy and Rehabilitation Services of North Shore, P.L.L.C. SSH Inc. Staten Island Imaging Corp. Staten Island Neonatology, P.C. Staten Island University Hospital Ð North4 Staten Island University Hospital Ð South4 Staten Island University Hospital Perinatology, P.C. Steven and Alexandra Cohen ChildrenÕs Medical Center of New York3 Syosset Hospital5 The Feinstein Institute for Medical Research The Heart Institute The Long Island Home True North Dialysis Center, LLC United Medical Surgical, P.C. University Physicians Oncology/Hematology Group, P.C. VNA Home Health Services, Inc. Westchester Health Medical, P.C. Yorktown Imaging, LLC Zucker Hillside Hospital3 1Indicates a facility that is a division of Long Island Home. 2Indicates a facility that is a division of Lenox Hill Hospital. 3Indicates a facility that is a division of Long Island Jewish Medical Center. 4Indicates a facility that is a division of Staten Island University Hospital. 5Indicates a facility that is a division of North Shore University Hospital. w26757-02-19