Notice of Privacy Practices
JOINT NOTICE of PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW HEALTH
INFORMATION ABOUT YOU MAY BE USED
AND DISCLOSED AND HOW YOU CAN GET
ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY.
The University of Texas Health Science Center at Houston (“UTHealth Houston”) and UT Physicians (“UTP”) are committed to protecting health information about you. We create a record of the services you receive at UTHealth Houston for use in your care and treatment. Typically, this record contains your health history, symptoms, examination and test results, diagnoses, and a plan for your future course of treatment. UTP and UTHealth Houston document your health information in records that will be maintained in a confidential manner, as required by law. UTHealth Houston and UTP, their professional staff, employees, and volunteers and all of their affiliated entities follow the privacy practices described in this Notice. However, UTHealth Houston and UTP must use and disclose your health information to the extent necessary to provide you with quality health care.
The Purpose of this Notice
This Notice tells you about the uses and disclosures that we make with your health information, certain rights that you have, and obligations that we are bound to with respect to such information. We care about the privacy and confidentiality of your health information. We have developed policies, created procedures, and taken other steps to help keep your health information confidential. This Notice gives a summary of those steps, explains your privacy rights, and shares phone numbers and addresses you can use to ask questions or make requests.
Who Will Follow This Notice? This Notice describes UTHealth Houston’s and UTP’s privacy practices, as well as the privacy practices of: (a) all component departments, sections, schools, and units of UTHealth Houston; (b) all employees, staff, and other UTHealth Houston and UTP personnel; and (c) any resident, fellow, or student we train in dental, medical, nursing, or allied health services. The entire workforce in these entities, sites, and locations follow the terms of this Notice. In addition, these entities, sites, and locations may share health information with each other to further the treatment, payment, and health care operation activities described in this Notice.
Our Duties. We are required by law to:
- Make sure health information that identifies you is kept private;
- Let you know promptly if a breach occurs that may have compromised the privacy or security of your information;
- Give you this Notice of our legal duties and privacy practices with respect to your health information; and
- Follow the terms of this Notice as long as it is in effect. If we revise this Notice, we will follow the terms of the revised Notice as long as the revised Notice is in effect.
We May Use and Disclose Your Health Information Electronically
We use an electronic health record system to manage your medical information. We may create, receive, maintain, and disclose your health information in electronic format.
We may communicate with you through email, text messages, phone calls, and patient portals. Communications within patient portals is secure. Emails, text messages, or other electronic communications outside of the university patient portals may not be encrypted or secure, and could be read or otherwise accessed by another person or organization. We will assume that you understand these risks if you initiate electronic communication with us outside of a patient portal or agree to receive communications from us in a non-secure format.
EXPLANATION OF USES AND DISCLOSURES OF HEALTH INFORMATION:
How We May Use And Disclose Health Information About You.
The following categories describe different ways that we use and disclose health information. For each category of uses or disclosures we will explain what we mean, and we may provide an example. Not every use or disclosure in a category will be listed. However, all of the ways UTHealth Houston and UTP are permitted to use and disclose information will fall within one of the boldface print categories, below.
- For Treatment. We may use health information about you to provide medical or dental treatment or other services. We may disclose health information about you to dentists, physicians, nurses, technicians, therapists, residents, students, or other personnel who are involved in your care. We may also disclose health information about you to people outside UTHealth Houston or UTP who may be involved in your health care such as physicians who will provide follow-up care. For example, your physician may share information about your condition with your pharmacist to discuss appropriate medications, or with radiologists or other consultants in order to make a diagnosis. A UTHealth Houston or UTP clinician may, while referring you to another health care provider outside of UTHealth Houston or UTP, disclose your health information to that provider.
- Appointment Reminders and Routine Instructions: We may contact you to provide appointment reminders through MyUTHealth, text message, phone, email, or mail. We may send automated texts or phone calls to contact you for certain routine purposes (for example, appointment reminders, pre-registration instructions, pre-operative instructions, lab results, post-discharge follow-up, prescription instructions, and other treatment-related instructions). By giving us your phone number or email address, we presume that you have consented to be contacted at that number or address.
- Health Information Exchanges: We participate in electronic Health Information Exchanges (HIEs). HIEs allow your participating health care providers to electronically share certain information from your health records. For example, if you go to a hospital emergency room, that hospital may be able to access parts of your UTHealth Houston electronic health record so it can treat you more safely and efficiently. We will allow your health records to be seen by other participating providers unless you inform us that you do not want other participating providers to see your health records.
- Outside Health Care Providers: We may communicate with your referring and follow-up providers and with post-acute care facilities to which you may be transferred, keeping them informed about your care.
- Sensitive Information: Your health record may contain information about your HIV status, sexually transmitted diseases, mental health, genetic makeup, and/or substance abuse treatment. We may need to share this information with your other treating providers so they can treat you safely and effectively. When required by law, we will ask for your written permission before sharing this information with your other treating providers.
- Treatment Alternatives: We may contact you with information about treatment alternatives or other health-related benefits or services that may be of interest to you.
- For Payment. We may use and disclose health information about you so that the treatment and services you receive at UTHealth Houston and UTP may be billed and payment collected from you, your insurance company, your managed care company, or a third party. We may also tell your health plan about a treatment you are going to receive in order to obtain prior approval.
- For Health Care Operations. We may use and disclose health information about you for UTHealth Houston and UTP operations. These uses and disclosures are necessary to run UTHealth Houston and UTP, to make sure that all of our patients receive quality care, and for UTHealth Houston education and other teaching programs.
- Case Management and Care Coordination: We may use and disclose your health information for case management and care coordination in an effort to improve the effectiveness and efficiency of care delivered by us.
- Customer Service and Data Analysis: We may use and disclose your health information to review and help improve our patient satisfaction and customer service levels, and for internal data analyses.
- Fundraising: We may use and disclose limited portions of your health information for our fundraising activities. This information includes your name, address, contact information, age, gender, insurance status, dates of service at UTHealth Houston or UTP, treating physicians and departments, and outcome information. This information allows us to be more specific with our fundraising efforts. You may opt out of fundraising communications by requesting to be removed from our fundraising database. Instructions on how to stop receiving future fundraising communications will be included on each fundraising solicitation.
- MyUTHealth and MyUTDental: UTHealth Houston and UTP provide patients with secure, online portals to view health records and appointments, communicate with health care providers, and provide information about services available. We use information from your health record, including your demographic information, to provide this service.
- Quality Improvement and Review of Resources and Staff: We may use and disclose your health information to improve the quality of care we provide (for example, for conducting quality assessments, reviewing the qualifications and competence of our medical staff, and selecting, educating, and training our employees and staff).
- Risk Management, Legal Services, Compliance, and Audit Functions: We may use and disclose your health information to facilitate risk management efforts, legal reviews, compliance programs, accreditation processes, licensing and credentialing services, and audit functions.
- Security: We may use or disclose your health information to provide security at UTHealth Houston and UTP facilities. For example, we use security cameras and share limited health information with The University of Texas police officers, as necessary, for security purposes.
- Social Media: UTHealth Houston and UTP participate in a number of online public social media sites. If you or others choose to share your health information on our online social media sites, this information is considered to be public and not protected by privacy laws, and may be reposted or shared by UTHealth Houston, UTP, or others. If you do not want your health information to be public, you should not share it on online public social media sites.
- To Business Associates for Treatment, Payment, and Health Care Operations. There are some services that we provide through contracts with business associates. We may disclose health information about you to one of our business associates in order to carry out treatment, payment, or health care operations. We require these business associates to protect your privacy in the same manner we do.
- To Individuals Involved in Your Care or Payment for Your Care. To the extent allowed by law and how you direct us, we may release health information about you to a family member, other relative, or close, personal friend who is involved in your health care if the health information released is directly relevant to such person’s involvement with your care. If permitted by law, we may also release information to someone who helps pay for your care. In addition, we may disclose health information about you to an entity assisting in a disaster relief effort so that your family can be notified about your location and general condition. We May Use And Disclose Your Health Information Without Your Written Authorization As Required Or Permitted By Law. We will disclose health information about you when required to do so by federal, state, or local law.
- Public Health and Patient Safety Activities. We may disclose health information about you for public health purposes. These purposes generally include:
- Preventing or controlling disease (such as cancer or tuberculosis), injury, or disability;
- Reporting births and deaths;
- Reporting child abuse or neglect;
- Reporting reactions to medications or problems with certain products;
- Notifying people of recalls of certain products they may be using;
- Notifying a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition;
- Providing schools with immunization records, but only with your permission; and
- Notifying the appropriate government authority if we believe a patient has been the victim of abuse, neglect, or domestic violence. We will only make this disclosure if you agree or when required or authorized by law.
- Health Oversight Activities. We may disclose health information to a health oversight agency for activities authorized by law such as audits, investigations, inspections, and licensure. These activities are necessary for the state and federal government to monitor the health care system, government programs, and compliance with civil rights laws.
- Lawsuits and Disputes. We may disclose health information about you in response to a court or administrative order. If you are involved in a lawsuit, we may, as authorized by law, disclose health information about you in response to a subpoena, discovery request, or other lawful process.
- Law Enforcement. We may release health information if asked to do so by a law enforcement official under certain circumstances:
- In response to a court order, subpoena, warrant, summons, or similar process;
- To identify or locate a suspect, fugitive, material witness, or missing person, but only if limited information is disclosed;
- About the victim of a crime if under certain limited circumstances, we are unable to obtain the person’s agreement;
- About a death we believe may be the result of criminal conduct;
- About criminal conduct we believe occurred on the premises of UTHealth Houston or UTP; and
- In emergency circumstances to report a crime; the location of the crime or victims; or the identity, description, or location of the person who committed the crime.
- Coroners, Health Examiners and Funeral Directors. We may release health information to a coroner or medical examiner to identify a deceased person or to determine the cause of death. We may also release health information to funeral directors as necessary to carry out their duties.
- Organ and Tissue Donation. We may release health information to organizations involved in organ procurement or organ, eye, or tissue transplantation, or if you are an organ donor, to an organ donation bank to facilitate organ or tissue donation and transplantation.
- Research. UTHealth Houston is a research institution. We may use and disclose health information for research purposes, subject to the confidentiality provisions of state and federal law. All research projects conducted by UTHealth Houston are approved through a special review process to protect patient safety, welfare, and confidentiality. This special approval process requires an evaluation of the proposed research project and its use of health information. Before we use or disclose health information for research, the project generally will have been approved through this special approval process. However, this special approval process is not required when we allow health information about you to be reviewed by people who are preparing a research project and who work to review information about patients with specific health needs, so long as the health information does not leave our facilities. We may disclose your health information to outside collaborators and sponsors, if you or the approval process approve the disclosure.
- To Avert a Serious Threat to Health or Safety. We may use and disclose health information about you when necessary to prevent a serious threat to your health and safety, or to the health and safety of the public, or another person. Any disclosure, however, would only be to someone who is able to help prevent the threat.
- Armed Forces and Foreign Military Personnel. We may release health information about you to the extent authorized by law, if you are or were a member of the Armed Forces. We may also release health information about foreign military personnel to the appropriate foreign military authority to the extent authorized by law.
- National Security and Intelligence Activities. We may release health information about you to authorized federal officials for intelligence, counterintelligence, and other national security activities to the extent authorized by law.
- Protective Services for the President and Others. We may disclose health information about you to authorized federal officials so they may provide protection to the President, other authorized persons, or foreign heads of state, or to conduct special investigations.
- Inmates. If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release health information about you to a correctional institution or law enforcement official to the extent authorized or required by law.
- Workers’ Compensation. We may release health information about you for workers’ compensation or similar programs. These programs provide benefits for work-related injuries or illness.
- We May Use or Disclose Your Health Information with Your Authorization. Other uses or disclosures of your health information for other purposes or activities, not listed above, will be made only with your written authorization (permission). You may revoke that permission, in writing, at any time. If you revoke your permission, we will no longer use or disclose health information about you for the reasons covered by your written permission. We are unable, however, to retrieve any disclosures we have already made with your permission.
- Use or Disclosure of Psychotherapy Notes: Most uses and disclosures of your psychotherapy notes require your written Authorization. Psychotherapy notes are notes taken by a mental health professional, such as a psychiatrist or a clinical psychologist, during a private counseling session. Psychotherapy notes are not notes or observations made about your mental state during your course of treatment by a provider or practitioner who is not a mental health professional.
- Use or Disclosure of Your PHI for Marketing: We will not use and disclose your PHI for marketing purposes without your written Authorization. Marketing does not include refill reminders; appointment reminders; communications for purposes of case management or care coordination; recommendations for alternative treatments, therapies, care providers or care settings; or descriptions about health-related products and services we offer.
- Sale of Your PHI: We may not sell your PHI without your Authorization. However, when we disclose your PHI for any purpose permitted or required by law (such as for treatment, payment or health care operations), we may charge the requestor a reasonable, cost-based fee to cover the cost of preparing and transmitting your PHI. For example, we may charge the requestor a reasonable, cost-based fee when disclosing your PHI for public health purposes, research purposes, treatment purposes or payment purposes. We may also charge you a reasonable, cost-based fee when you request copies of your health and billing records.
EXPLANATION OF YOUR RIGHTS:
Your Rights. You have the following rights regarding health information we maintain about you:
- Right to Inspect and Copy. You have the right to inspect and copy health information that may be used to make decisions about your care. Usually, this includes health and billing records; but may not include psychotherapy notes. We may charge a fee for the costs of copying, mailing, or other supplies associated with your request. We may deny your request to inspect and copy in certain, very limited circumstances. If you are denied access to your health information, you may request that the denial to inspect and copy be reviewed. Another licensed health care professional chosen by UTHealth Houston will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review.
- Right to Request Restrictions. You have the right to request a restriction or limitation on the health information we use or disclose about you for treatment, payment, or health care operations. You also have the right to request a limit on the health information we disclose about you to someone who is involved in your care, or the payment for your care, such as a family member or friend. For example, you could ask that we not use or disclose information about a particular surgery that you have had. While we will not be able to grant every request, we will always agree if you pay for a service or health care item out of pocket in full and you ask us not to share that information for the purpose of payment or our operations with your health insurer. If we agree to the request, we will comply with your request unless the information is needed to provide you with emergency treatment, if we do agree.
- Right to Request Confidential Communications. You have the right to request that we communicate with you about health matters in a certain way or at a certain location. For example, you can ask that we only contact you by telephone at work or that we only contact you by mail at home. We will not ask you the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.
- Right to Amend or Add an Addendum. If you feel that health information we have about you is incorrect or incomplete, you may ask us to amend or add to it. You have the right to request an amendment for as long as the information is kept by or for UTHealth Houston or UTP. You must provide a reason that supports your request. We may deny your request for an amendment, if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that: (i) was not created by us, unless the person or entity that created the information is no longer available to make the amendment; (ii) is not part of the health information kept by or for UTHealth Houston or UTP; (iii) is not part of the information which you would be permitted to inspect and copy; or (iv) is accurate and complete.
- Right to an Accounting of Disclosures. You have the right to request an "accounting of disclosures” to outside parties by UTHealth Houston or UTP of your health information that occurred in the past six (6) years. This accounting is a list of certain disclosures we made of your health information for purposes other than treatment, payment, and health care operations or a valid authorization, as those functions are described above. Your request must state a time period, which may not include dates before April 14, 2003. Your request should indicate in what form you want the list (e.g., on paper, electronically). The first list you request within a twelve (12) month period will be free of charge. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.
- Right to a Paper Copy of This Notice. You have the right to receive a paper copy of this Notice. You may ask us to give you a copy of this Notice at any time. Even if you have agreed to receive this Notice electronically, you are still entitled to a paper copy of this Notice.
We Are Required To Notify You If Your Health Information Is Breached. A Breach is an unpermitted use or disclosure of your health information in which there is more than a low probability that such health information has been compromised. We will notify you in the event of a breach of your health information. If you agree, we may notify you of a breach via email.
CHANGES TO THIS NOTICE. We reserve the right to change this Notice. We reserve the right to make the revised or changed Notice effective for health information we already have about you, as well as any health information we receive in the future. We will post a copy of the current Notice in all clinical areas. The Notice will contain on the last page, the effective date. In addition, each time you register for treatment or health care services, we will offer you a copy of the current Notice in effect.
COMPLAINTS. If you would like a paper copy of this Notice, have questions about it, or believe its terms or any UTHealth Houston or UTP privacy or confidentiality policy has been violated with respect to health information about you, please contact us immediately at UTHealth Houston Privacy Office, 7000 Fannin St., Suite 1460, Houston, Texas 77030, by email at firstname.lastname@example.org or by phone at 713-500-3391. Please include your name, address, and a telephone number where we can contact you, and a brief description of the complaint. If you prefer, you may lodge an anonymous complaint. You may also contact the Secretary of the Department of Health and Human Services at: Region VI, Office for Civil Rights, U.S. Department of Health and Human Services, 1301 Young St., Suite 1169, Dallas, Texas 75202. Phone 214-767-4056. Fax 214-767-0432. TDD 214-767-8940. You will not be penalized or suffer retaliation in any way for making a complaint to UTHealth Houston, UTP, or the Department of Health and Human Services. Please provide as much information possible so that the complaint can be properly investigated. Neither UTHealth Houston, UTP, nor any of its affiliates will retaliate against a person who files a complaint with us or with the Secretary of the Department of Health and Human Services.
PRIVACY OFFICER. If you have any questions about this Notice, please contact the Privacy Office at 713-500-3391.
Effective Date: The Notice of Privacy Practices was originally issued on April 14, 2003. Since that time the Notice has been revised on September 19, 2013, and September 1, 2022.