This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

The University of Maine System (“University” or “we”) must maintain the privacy of your protected health information (“PHI”) and give you this notice that describes our legal duties and privacy practices concerning your PHI.  In general, when we release your PHI, we must release only that information necessary to achieve the purpose of the use or disclosure. However, all of your PHI, with limited exceptions, will be available for release if you sign an authorization form, if you request the information for yourself, to a provider regarding your treatment, or due to a legal requirement. Health information and other records of University of Maine System students generally are not subject to this notice and are protected by other federal and state laws.

Responsibilities:  It is the responsibility of the Corporate Compliance Officer, Laurie Gardner, to establish program objectives; approve the privacy policy; provide training for the work force; enforce sanctions; and designate a Privacy Official for the Student Health Center.  She will further, assist in the execution of the HIPPA privacy policy and operating procedures; assist and support the Privacy Official; and provide support for HIPPA compliance activities.

The Privacy Official, Robert Pederson, is responsible for overseeing privacy policies and procedures; coordinating and implementing policy; providing training; receiving and processing privacy complaints; processing individual rights requests; and ensuring retention of  HIPPA policies and procedures, complaints and investigative materials to meet compliance requirements. 

It is the responsibility of the Director of Clinical Services, Susan Cochran, to implement the Student Health Center’s privacy policy for medical records; provide administrative and physical safeguards for the protection of client health information; develop and implement privacy training for all employees; and document the delivery of privacy training to all work force members.

It is the responsibility of all employees to understand and comply with the UM System and UMF Student Health Center policies regarding confidentiality and privacy.

Designated Record Set:  All patient information, including medical records and billing records are in hard copy and maintained in locked files at the UMF Student Health Center.  A medical records database is maintained for internal use only and is not used for transmission of medical records.

Notice of Privacy Practices:  This Notice of Privacy Practices, developed by the UM System, is posted at the UMF Student Health Center and on the UMF Student Health Center website; it is also available upon request.  In a good faith effort to receive acknowledgment of the Notice of Privacy Practices, the UMF Student Health Center includes the following statement on the basic information form that is given to each patient for their signature on their initial visit to the UMF Student Health Center.

“I have reviewed the UMF Notice of Privacy Practices and understand that a copy is available upon request.  I hereby request and authorize the University of Maine—Farmington Student Health Center and its personnel to provide my medical treatment and, as appropriate, to release all necessary medical records and information regarding my medical care, treatment, physical/medical condition to my insurance company for the purpose of insurance claims filing, processing, and payment.”

Without your written authorization, we may use and disclose your PHI as follows:

1. Treatment: For example, we may use or disclose PHI to determine which treatment option best addresses your health needs or so other health care professionals can make decisions about your care. However, in non-emergency situations, authorization is required to disclose certain mental health care information to outside providers or facilities.

2. Payment: In order for an insurance company to pay for your treatment, we must disclose PHI that identifies you, your diagnosis, and the treatment provided to you, to the insurance company.

3. Health Care Operations: We may use or disclose your PHI in order to improve the quality or cost of care we deliver. These activities may include evaluating the performance of your health care providers, or examining the effectiveness of the treatment provided to you. In addition, we may use or disclose your PHI to send you a reminder about your next appointment.

4. Required by Law: As required by law, we may use and disclose your PHI- for example, we may disclose medical information to government officials to demonstrate compliance with HIPPA.

5. Public Health: As required by law, we may use or disclose your PHI to public health authorities for purposes related to: preventing or controlling disease, reporting child abuse or neglect, and reporting to the FDA.

6. Health Oversight Activities: We may use or disclose your PHI to health agencies during the course of audits, investigations, licensure and other proceedings related to oversight of the health care system.

7. Judicial and Administrative Proceedings: We may use or disclose your PHI in the course of any administrative or judicial proceeding, in response to a court order or as otherwise authorized or required by statute.

8. Law Enforcement: We may use or disclose your PHI to a law enforcement official for purposes such as reporting a crime at our facility, complying with a court order or subpoena, and for other law enforcement purposes as authorized or required by statute.

9. Coroners, Medical Examiners and Funeral Directors: We may use or disclose your PHI to coroners, medical examiners .and funeral directors.

10. Organ and Tissue Donation: If you are an organ donor, we may use or disclose your PHI to organizations involved in procuring, banking or transplanting organs and tissues.

11. Public Safety: We may use or disclose your PHI to appropriate persons in order to prevent or lessen a serious and imminent threat to the health and safety of any individual.

12. National Security: We may use or disclose your PHI to authorized officials for purposes of intelligence or other national security activities and protective services for governmental leaders as authorized or required by statute.

13. Worker’s Compensation: We may disclose your PHI as necessary to comply with worker’s compensation laws.

14. Disclosures to Plan Sponsors: We may disclose your PHI to the sponsor of your health plan (if applicable), for the purposes of administering benefits under the plan.

15. Domestic Violence: We may disclose your PHI to an authorized government authority if we reasonably believe you to be a victim of abuse, neglect, or domestic violence to the extent the disclosure is required or authorized by law or if you agree to the disclosure.

16. Research: We may disclose your PHI for research, regardless of the source of funding of the research, provided that we obtain documentation that an alteration to or waiver of authorization for use or disclosure of PHI has been approved either by an Institutional Review Board or a privacy board, or if such disclosure is otherwise permitted by law.

17. Military and Veterans: If you are a member of the armed forces, we may use or disclose your PHI to provide information about immunization and/or a brief confirmation of general health status as required by military command authorities.

18. Inmates:  If you are an inmate at a correctional facility or in the custody of a law enforcement official, we may use or disclose your PHI to the facility or the official as may be necessary to provide information about immunization and/or a brief confirmation of general health status, or as otherwise authorized or required by law.

 

19.  Family or Household Members: We may use or disclose your PHI, pursuant to your verbal agreement, and in certain circumstances without your agreement, for the purpose of including you in our directory or for purposes of releasing information to family or household members, who are involved in your care or payment for your care.

20. Emergency Services: We may use or disclose your PHI to provide to emergency services, health care or relief agencies a brief confirmation of your health status for purposes of notifying your family or household members.

21. Business Associates: We may use or disclose your PHI to a Business Associate, who is specifically contracted to provide us with services utilizing that health information, pursuant to an approved business associate agreement which assures that the business associate will handle the PHI in compliance with privacy regulations.

22. Limited Data Set: We may use or disclose your PHI as part of a limited data set if we enter into a data use agreement with the limited data set recipient. A limited data set is PHI that excludes most direct identifiers.

When the University of Maine System May Not Use or Disclose Your PHI:

Except as described in this Notice of Privacy Practices, we will not use or disclose your PHI without written authorization from you. If we ask for an authorization, we will give you a copy. If we disclose partial or incomplete information as compared to the authorization to disclose, we will expressly indicate that the information is partial or incomplete. If you do authorize us to use or disclose your health information for another purpose, you may revoke your authorization in writing at any time.  If you revoke your authorization, we will no longer be able to use or disclose health information about you for the reasons covered by your written authorization, though we will be unable to take back any disclosure we have already made with your permission. Revocation may be the basis for the denial of health benefits or other insurance coverage or benefits.

Statement of Your Health Information Rights:

1. Right to Request Restrictions: You have the right to request restrictions on certain uses

and disclosures of your health information. The University is not required to agree to every restriction that you request. If you would like to make a request for restrictions, submit your request in writing to the Contact Person listed at the end of this Notice.

2. Right to Request Confidential Communications: You have the right to request that you receive your health information through a reasonable alternative means or at an alternative location. A University health care provider is required to accommodate reasonable requests. A health plan must permit you to request and accommodate reasonable requests to receive communications by alternative means or at alternative locations, if you clearly state that the disclosure could endanger you. To request confidential communications, submit your request in writing to the Contact Person listed at the end of this Notice.

3. Right to Inspect and Copy: With very limited exceptions, you have the right to inspect and copy your health Information. To inspect and copy such information, submit your request in writing to the Contact Person listed at the end of this Notice. If you request a copy of the information, we may charge you a reasonable fee to cover the expenses associated with your request. In the event that the University uses or maintains an Electronic Health Record of Information about you, then upon your request, we will provide an electronic copy of the PHI to you or to a third party designated by you.

4. Right to Request Amendment: You have the right to request the University to correct, clarify and amend your health information. To request a correction, clarification or amendment, submit your request in writing to the Contact Person listed at the end of this Notice. We may add a response to your submitted correction, clarification or amendment and will provide you with a copy.

5. Right to Accounting of Disclosures: You have the right to receive a list or “accounting of disclosures” of your health information made by the University, except that we generally do not have to account for disclosures made for the purposes of treatment, payment, or health care operations; for disclosures made to you; for disclosures made pursuant to an authorization; for those made to our facility’s directory or to those persons involved in your care; incidental disclosures; for lawful inquiries made pursuant to national security or intelligence purposes; for lawful inquiries made by correctional institutions or other law enforcement officials in custodial situations; or, for disclosures when your information may become part of a limited data set. To request an accounting of disclosures, submit your request in writing to the Contact Person listed at the end of this Notice. Your request should specify a time period of up to six years and may not include dates before April 14, 2003. The University will provide one list per 12-month period free or charge; we may charge you for additional lists.

6.  Right to Paper Copy: You have a right to receive a paper copy of this Notice of Privacy Practices at any time. To obtain a paper copy of this Notice, send your written request to the Contact Person listed at the end of this Notice. You may also obtain a copy of this notice at our website: http://www.maine.edu.

If you would like to have a more detailed explanation of these rights, or if you would like to exercise one or more of these rights, contact the Contact Person listed at the end or this Notice.

 

Changes to this Notice of Privacy Practices

The University reserves the right to amend this Notice of Privacy Practices at any time in the future and to make the new Notice provisions effective for all health information that we maintain. We will promptly revise our Notice and distribute it to you at your next visit whenever we make material changes to the Notice. Participants in the Health Plans, Health Care Advantage Account, and the System EAP Plan will receive a revised copy within 60 days of a material revision. The University is required by law to abide by the terms of the Notice currently in effect.
Complaints

Complaints about this Notice of Privacy Practices or requests for further information should be directed to the Contact Person listed below. The University will not retaliate against you in any way for filing a complaint, participating in an investigation, or exercising any other rights under the Health Insurance Portability and Accountability Act (HIPAA). All complaints to the University must be submitted in writing. If you believe your privacy rights have been violated, you also may file a complaint with the Secretary of the U.S. Department of Health and Human Services.

CONTACT PERSON:   Bob Pederson

   Center for Human Development

   And Student Health Center

Effective Date of this Notice:  02/17/2010