BMH CARE ANYWHERE PRIVACY POLICY
Last modified: September, 2022
THIS PRIVACY POLICY DESCRIBES HOW BEAUFORT COUNTY MEMORIAL HOSPITAL (D/B/A ”BMH CARE ANYWHERE”) COLLECTS AND USES PERSONAL DATA ABOUT YOU THROUGH THE USE OF OUR WEBSITE, MOBILE APPLICATIONS, AND THROUGH EMAIL, TEXT, AND OTHER ELECTRONIC COMMUNICATIONS BETWEEN YOU AND BMH CARE ANYWHERE.
BMH CARE ANYWHERE (“BMH CARE ANYWHERE,” or “we,” “our,” or “us”) respects your privacy, and we are committed to protecting it through our compliance with this policy.
This Privacy Policy (our “Privacy Policy”) describes the types of information we may collect from you or that you may provide when you visit the website https://bmhcareanywhere.co/login (our “Website”) and the BMH CARE ANYWHERE mobile application (our “App”) and our practices for collecting, using, maintaining, protecting, and disclosing that information.
This policy applies to information we collect:
· on our Website and App;
· in email, text, and other electronic messages between you and our Website and App;
· when you interact with applications on third party websites and services, if those applications include links to this policy.
It does not apply to information collected by:
· us offline or through any other means, including on any other website operated by BMH CARE ANYWHERE or any third party;
· any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Website or App.
Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Website and Apps. By accessing or using our Website and/or App, you agree to this Privacy Policy. This Privacy Policy may change from time to time (see Section11: Changes to Our Privacy Policy below). Your continued use of our Website or App after we make changes is deemed to be acceptance of those changes, so please check this Privacy Policy periodically for updates.
Terms of Use. Your use of the Website and our App is governed by the BMH CARE ANYWHERE Terms of Use available on our Website and the App.
HIPAA Privacy. Please review our BMH Notices of Privacy Practices at the end of this Policy or provided separately to you by Beaufort County Memorial Hospital and/or your treating physician for additional information about how your health information is collected, used and shared. The telehealth services available to users through the Site (“Services”) are provided by Beaufort County Memorial Hospital affiliated physicians and independent physicians engaged by Beaufort County Memorial Hospital. Please carefully review any other Notices of Privacy Practices or other privacy policies that your treating physicians and other health care providers make available to you.
Medical Treatment. Minors under the age of 18 may use the App or Website to access telehealth services only with the guidance, consent and approval of a parent or legal guardian, unless applicable law provides otherwise (e.g., emergencies and other legal exceptions).
Adults. In order to access the Site and the Services, you represent and warrant that you are older than 18 years old.
WE COLLECT DIFFERENT TYPES OF INFORMATION ABOUT YOU, INCLUDING INFORMATION THAT MAY DIRECTLY IDENTIFY YOU, INFORMATION THAT IS ABOUT YOU BUT INDIVIDUALLY DOES NOT PERSONALLY IDENTIFY YOU, AND INFORMATION THAT WE COMBINE WITH OUR OTHER USERS. THIS INCLUDES INFORMATION THAT WE COLLECT DIRECTLY FROM YOU OR THROUGH AUTOMATED COLLECTION TECHNOLOGIES.
Generally
We collect several types of information from and about users of our Website and App, specifically information:
· by which you may be personally identified, such as name, postal address, billing address, shipping address, e-mail address, home, work, and mobile telephone numbers, driver’s license number (or other government identification number), date of birth, credit or debit card number (through a third-party payment processor solely for payment purposes), Social Security Number, your medical history, personal health information and related health information, and biometric information (including fingerprints) (“Personal Data”);
· that is about you but individually does not identify you, such as traffic data, logs, referring/exit pages, date and time of your visit to our Website or use of our App, error information, clickstream data, and other communication data and the resources that you access and use on the Website or through our App;
· about your Internet connection, the equipment you use to access our Website or use our App and usage details;
· Personal Health Information or PHI that may form part of your care record could also be collected in BMH CARE ANYWHERE. This could include information about your current health conditions, treatments, medicines, illnesses or allergies, symptoms, vitals, names of your health or social service providers or other patient reported information and health goals; and,
We collect this information:
· directly from you when you provide it to us;
· automatically as you navigate through the Website or use our App. Information collected automatically may include usage details, IP addresses, and information collected through cookies and other tracking technologies; and
Information You Provide to Us
The information we collect on or through our Website or through our App is:
· information that you provide by filling in forms on our Website or the App. This includes information provided at the time of registering to use our Website or App, using our Provider consultation services, medical treatment, purchasing products, or requesting further services. We may also ask you for information when you report a problem with our Website or App;
· records and copies of your correspondence (including email addresses), if you contact us; and
· details of transactions you carry out through our Website or through the App and of the fulfillment of your orders. You may be required to provide financial information before placing an order through our Website or App.
You may provide information to be published or displayed (hereinafter, “posted”) on public areas of the Website or App or transmitted to other users of the Website or App or third parties (collectively, “User Contributions”).
Your User Contributions are posted on and transmitted to others at your own risk. Although we limit access to certain pages, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of the Website and App with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.
Information We Collect Through Automatic Data Collection Technologies
As you navigate through and interact with our Website and App, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, specifically:
· details of your visits to our Website or App, such as traffic data, location, logs, referring/exit pages, date and time of your visit to our Website or use of our App, error information, clickstream data, and other communication data and the resources that you access and use on the Website or in the App; and
· information about your computer, mobile device, and Internet connection, specifically your IP address, operating system, browser type, and App version information.
The information we collect automatically may include Personal Data or we may maintain it or associate it with Personal Data we collect in other ways or receive from third parties. It helps us to improve our Website and App and to deliver a better and more personalized service by enabling us to:
· estimate our audience size and usage patterns;
· store information about your preferences, allowing us to customize our Website and our App according to your individual interests;
· recognize you when you return to our Website and our App.
The technologies we use for this automatic data collection may include:
· Cookies (or browser cookies). We and our service providers may use cookies, web beacons, and other technologies to receive and store certain types of information whenever you interact with our Website and App through your computer or mobile device. A cookie is a small file or piece of data sent from a website and stored on the hard drive of your computer or mobile device. On your computer, you may refuse to accept browser cookies by activating the appropriate setting on your browser, and you may have similar capabilities on your mobile device in the preferences for your operating system or browser. However, if you select this setting you may be unable to access certain parts of our Website or use certain parts of our App. Unless you have adjusted your browser or operating system setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website or use our App.
· Google Analytics. We use Google Analytics, a web analytics service provided by Google, Inc. (“Google”) to collect certain information relating to your use of the Website. Google Analytics uses “cookies”, which are text files placed on your computer, to help the Website analyze how users use the site. You can find out more about how Google uses data when you visit our Website by visiting “How Google uses data when you use our partners' sites or apps”, (located at www.google.com/policies/privacy/partners/). We may also use Google Analytics Advertising Features or other advertising networks to provide you with interest-based advertising based on your online activity. For more information regarding Google Analytics please visit Google's website, and pages that describe Google Analytics, such as www.google.com/analytics/learn/privacy.html.
WE USE YOUR PERSONAL DATA FOR VARIOUS PURPOSES DESCRIBED BELOW, INCLUDING TO:
· PROVIDE OUR WEBSITE OR APP TO YOU;
· PROVIDE PRODUCTS AND SERVICES TO YOU;
· PROVIDE YOU WITH INFORMATION YOU REQUEST FROM US;
· ENFORCE OUR RIGHTS ARISING FROM CONTRACTS;
· NOTIFY YOU ABOUT CHANGES; AND
· PROVIDE YOU WITH NOTICES ABOUT YOUR ACCOUNT.
We use information that we collect about you or that you provide to us, including any Personal Data to:
· Present our Website and its contents to you;
· Present our App;
· Provide our products and services to you;
· Provide you with health-care related information, products, or services that you request from us or that may be of interest to you;
· Enable your health and social service providers also using BMH CARE ANYWHERE to better provide you with those health or social services;
· Enable your family circle and circle of care to be better informed and engaged on your health and wellbeing to better provide you support (if you elect the Circle of Care option);
· Process, fulfill, support, and administer transactions and orders for products and services ordered by you;
· Provide you with notices about your BMH CARE ANYWHERE account;
· Contact you in response to a request;
· Carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
· Notify you about changes to our Website, our App, or any products or services that BMH CARE ANYWHERE offers or provides though them;
· In any other way we may describe when you provide the information; and
· For any other purpose with your consent.
We may also use your information to contact you about health care related goods and services that Beaufort Memorial Hospital provides and that may be of interest to you, including through newsletters. If you wish to opt-out of receiving such communications, you may do so at any time by clicking unsubscribe at the bottom of these communications or by visiting your Account Preferences page. For more information, see Choices About How We Use and Disclose Your Information.
There are several ways you can use the App and our Website to help accomplish your health goals:
(1) Health Communities: We enable people to join Health Communities, where they can participate with others to share health information, their own personal health experiences and other information online using BMH CARE ANYWHERE. By doing this, the platform provides support, aids self-management, and improves interactions with professionals; all with the aim of improving day-to-day health and well-being.
When a user posts, comments or replies in our Health Communities they are identified only by their chosen username. A user selects a user-name upon registration and can change it in their profile setting at any time using BMH CARE ANYWHERE. If a user wishes to remain anonymous for postings in Health Communities, we suggest that they choose a username that does not identify them.
(2) Secure Messaging: The purpose of the Secure Messaging is to message with other users in BMH CARE ANYWHERE about a patient’s health and well-being including the provision or coordination of particular health or social service. Users accessing the Secure Messaging can be the patient, but could include the patient’s caregivers, family members or the patient’s associated health and social service professionals. All the information used in the Secure Messaging is restricted and can only be seen and accessed by the patient’s authorized health and social service providers or those caregivers or family members invited to participate in a patient’s “Circle of Care”.
The Secure Messaging can also send patients or their caregivers surveys to collect information. These surveys are typically used to track symptoms, vital signs, wellbeing questions or patient satisfaction or quality of service information. The messaging and surveys can collect Personal Identifier Information “PII” and Personal Health information “PHI” or both.
The patient, or their caregiver, (if the patient has provided consent to allow the caregiver access), controls who has access to the patient’s Circle of Care. This access can be changed/removed by the Patient or Caregiver at any time by using BMH CARE ANYWHERE.
When using the Secure Messaging you understand that you are allowing your Circle of Care to view your PII and PHI as it is included in the messaging or surveys you are part of. If you are not comfortable sharing your PII or PHI with your “Circle of Care” do not use BMH CARE ANYWHERE Secure Messaging or restrict your messaging or responses to only information you wish to share.
While using BMH CARE ANYWHERE to connect to others with similar health issues, and integrating your health and social services, may can improve a person’s health and wellbeing, this service necessarily involves sharing sensitive information about your health and treatment. Therefore, we want to share the clear and transparent privacy guidelines we use to enable you to understand what we do and how we protect your information and how you can control what happens to information you share on BMH CARE ANYWHERE.
WE DO NOT SHARE, SELL, OR OTHERWISE DISCLOSE YOUR PERSONAL DATA FOR PURPOSES OTHER THAN THOSE OUTLINED IN THIS PRIVACY POLICY. WE DISCLOSE YOUR PERSONAL DATA TO A FEW THIRD PARTIES, INCLUDING:
· TO A COMPANY WE MERGE, ACQUIRE, OR THAT BUYS US, OR IN THE EVENT OF CHANGE IN STRUCTURE OF OUR COMPANY OF ANY FORM;
· TO COMPLY WITH OUR LEGAL OBLIGATIONS;
· TO ENFORCE OUR RIGHTS; AND
· WITH YOUR CONSENT.
We do not share, sell, or otherwise disclose your Personal Data for purposes other than those outlined in this Privacy Policy. However, we may disclose aggregated information about our users, and information that does not identify any individual, without restriction.
We may disclose Personal Data that we collect or you provide as described in this privacy policy:
· When we have your permission to enable your health and social service providers also using BMH CARE ANYWHERE to better provide you with those health or social services.
· When we have your permission to enable your family circle and circle of care to be better informed and engaged on your health and wellbeing to better provide you support.
· When we have your permission, including when you choose to share information by posting to our Health Communities, messaging in chats or using the Secure Messaging to message with your Circle of Care.
· With affiliates, contractors, service providers, and other third parties we use to support our business. The services provided by these organizations include providing IT and infrastructure support services, and ordering, marketing, and payment processing services.
· With a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by BMH CARE ANYWHERE about our Website and App users are among the assets transferred.
· To fulfill the purpose for which you provide it.
· For any other purpose disclosed by us when you provide the information.
· With your consent.
We may also disclose your Personal Data:
· to comply with any court order, law, or legal process, including to respond to any government or regulatory request;
· to enforce or apply our Terms of Use and other agreements, including for billing and collection purposes; and
· if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of BMH CARE ANYWHERE, our BMH CARE ANYWHERE providers, or others, in accordance with applicable law.
WE OFFER YOU CHOICES ON HOW YOU CAN OPT OUT OF OUR USE OF TRACKING TECHNOLOGY, AND OTHER TARGETED ADVERTISING.
We do not control the collection and use of your information collected by third parties.
In addition, we strive to provide you with choices regarding the Personal Data you provide to us. We have created mechanisms to provide you with control over your Personal Data:
· Opt-Out. Our App and Website permit you to "opt-out". You may contact us at 1-843-522-7922, at any time to let us know that you no longer wish to participate in any BMH CARE ANYWHERE service, or receive further emails or for transactions. If you opt-out, we may still send you transactional emails. Transactional emails include emails about your account and our business dealings with you, such as renewals and updates, and, as allowed by applicable law.
· Cookies. When you use our website, you can usually choose to set your browser to remove cookies and to reject cookies from our servers, if we collect information from you. If you choose to remove or reject cookies, this could affect certain features or services of our website. For information about how to remove or manage cookies please read our Cookie Policy.
· Access to and Correction of Your Information. You may have the right, to ask us to provide a copy of the personal information we hold about you (provided that we may ask you for a few forms of proof of your identity). You may also have the right to ask us to correct any inaccuracies in your personal information or to ask us to delete it. We will always consider and act upon these requests.
· Tracking Technologies and Advertising. You can set your browser or operating to refuse all or some cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of our Website or App may then be inaccessible or not function properly
· Promotional Offers from BMH CARE ANYWHERE. If you do not wish to have your email address used by BMH CARE ANYWHERE to promote our own products and services, you can opt-out at any time by clicking the unsubscribe link at the bottom of any email or other marketing communications you receive from us or logging onto your Account Preferences page. This opt out does not apply to information provided to BMH CARE ANYWHERE as a result of a product purchase, or your use of our services.
· Targeted Advertising. To learn more about interest-based advertisements and your opt-out rights and options, visit the Digital Advertising Alliance and the Network Advertising Initiative websites (www.aboutads.info and www.networkadvertising.org). Please note that if you choose to opt out, you will continue to see ads, but they will not be based on your online activity. We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can also opt out of receiving targeted ads from members of the NAI on its website.
YOU MAY REVIEW AND CHANGE YOUR PERSONAL INFORMATION BY LOGGING INTO THE APP OR WEBSITE AND VISITING YOUR ACCOUNT PREFERENCES PAGE.
You can review and change your Personal Data by logging into our Website or App and visiting either the Settings or Account Preferences sections of our App or Website. You may also notify us through the Contact Information below of any changes or errors in any Personal Data we have about you to ensure that it is complete, accurate, and as current as possible or to delete your account. We cannot delete your personal information except by also deleting your account with us. We may also not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect.
WE CURRENTLY DO NOT USE AUTOMATED DATA COLLECTION TECHNOLOGIES TO TRACK YOU ACROSS WEBSITES. WE CURRENTLY DO NOT HONOR DO-NOT-TRACK SIGNALS THAT MAY BE SENT BY SOME BROWSERS.
Some web browsers permit you to broadcast a signal to websites and online services indicating a preference that they “do not track” your online activities. At this time, we do not honor such signals, but we currently do not use automated data collection technologies to collect information about your online activities over time and across third party websites or other online services (behavioral advertising).
INFORMATION TRANSMITTED OVER THE INTERNET IS NOT COMPLETELY SECURE, BUT WE DO OUR BEST TO PROTECT YOUR PERSONAL DATA. YOU CAN HELP PROTECT YOUR PERSONAL DATA AND OTHER INFORMATION BY KEEPING YOUR PASSWORD TO OUR WEBSITE CONFIDENTIAL.
We have implemented measures designed to secure your Personal Data from accidental loss and from unauthorized access, use, alteration, and disclosure. We use encryption technology for information sent and received by us.
The safety and security of your information also depends on you. Where you have chosen a password for the use of our Website or App, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to our Website or on or through our App. Any transmission of Personal Data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website, in your operating system, or in the App.
California Civil Code Section 1798.83 (California’s “Shine the Light” law) permits users of our Website that are California residents and who provide Personal Data in obtaining products and services for personal, family, or household use to request certain information regarding our disclosure of Personal Data to third parties for their own direct marketing purposes. If applicable, this information would include the categories of Personal Data and the names and addresses of those businesses with which we shared your Personal Data with for the immediately prior calendar year (e.g. requests made in 2012 will receive information regarding such activities in 2019). You may request this information once per calendar year. To make such a request, please contact us using the Contact Information below.
WE WILL POST ANY CHANGES TO OUR PRIVACY POLICY ON OUR WEBSITE. IF WE MAKE MATERIAL CHANGES TO OUR PRIVACY POLICY, WE MAY NOTIFY YOU OF SUCH CHANGES THROUGH YOUR CONTACT INFORMATION AND INVITE YOU TO REVIEW (AND ACCEPT, IF NECESSARY) THE CHANGES.
We may change this Privacy Policy at any time. It is our policy to post any changes we make to our Privacy Policy on this page with a notice that the Privacy Policy has been updated on the Website’s home page or the App’s home screen. If we make material changes to how we treat our users’ Personal Data, we will notify you by email to the email address specified in your account and/or through a notice on the Website’s home page or the App’s home screen. The date this Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically accessing the App or visiting our Website and reviewing this Privacy Policy to check for any changes.
If you have any questions, concerns, complaints or suggestions regarding our Privacy Policy or otherwise need to contact us, you may contact us at the contact information below or through the “Contact Us” page on our Website or in the App.
How to Contact Us:
Privacy Officer955 Ribaut Road, 4th floor
Beaufort, South Carolina, 29902
Telephone: 1-843-522-5108
Email: info@bmhsc.org
Beaufort Memorial Hospital (sometimes referred as “we” “us” or “our”) is a covered entity under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) for the purpose of complying with the provisions that protect the privacy and security of your health information.
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
Except as provided by law, you have a right to adequate notice of the uses and disclosures of protected health information that may be made by us, and of your rights and our legal duties with respect to protected health information.
Protected health information (PHI) is information about you, including certain demographic information that may identify you and relates to your past, present, or future physical or mental health or condition, the provision of health care to you, or the payment for that care.
We respect the privacy of your PHI and are committed to keeping it confidential. This Notice describes how we may use and disclose your PHI that we have received or created and describes your rights of access to and our obligations regarding your PHI.
We are required by law to take reasonable steps to protect the privacy of your PHI and to provide to you this Notice about our legal duties and privacy practices and your rights concerning your PHI and to notify you following any breach of unsecured PHI. We are required to abide by the terms of the Notice then in effect.
We may use and disclose your PHI for purposes of payment, treatment, and health care operations. We have described these categories below and provide examples of the types of uses and disclosures we may make in each one.
For Payment. We may use and disclose your PHI so that we can bill and receive payment for the treatment and services you receive. For billing and payment purposes, we may disclose your PHI to your representative, insurance or managed care company, Medicare, or a third party payor. For example, we may contact Medicare to confirm your coverage for treatment by one of our providers.
For Treatment. We will use and disclose your PHI in providing you with treatment and services. We may disclose your PHI to our personnel and others who may be involved in your care, such as physicians, nurses, nurse aides, hospice staff, consultants, and therapists. For example, a nurse caring for you will report any change in your condition to your physician. We also may disclose PHI to individuals who will be involved in your care after you leave Beaufort Memorial Hospital.
For Health Care Operations. We may use and disclose your PHI to conduct and support our business and management activities. For example, we may use and disclose your PHI to conduct business planning activities, to carry out legal services and auditing functions, to manage and monitor our quality of care (including the performance of our staff) and for general administrative duties.
Appointment Reminders. We may use or disclose PHI to remind you about appointments. If you are not at home, we may leave a message.
As Required By Law. We will disclose your PHI when required by law to do so.
Business Associates. We may disclose your PHI to a business associate who creates, receives, maintains or transmits information on our behalf that involves the use and/or disclosure of PHI, if we have a written contract with the business associate that contains terms designed to protect the privacy of your PHI. The definition of a business associate also includes a subcontractor that creates, receives, maintains, or transmits PHI on behalf of the business associate. A subcontractor also means a person to whom a business associate delegates a function, service, or activity other than as a member of the business associate’s workforce. Examples of business associates include our attorneys or accountants and any of their subcontractors.
Beaufort Memorial Hospital Directory. Unless you object, we will include certain limited information about you in our directory. This information may include your name, your location, your general condition (e.g. “...is improving...”) and your religious affiliation. Our directory does not include specific medical information about you. We may release information in our directory, except for your religious affiliation, to people who ask for you by name. We may provide the directory information, including your religious affiliation, to a member(s) of the clergy.
Coroners, Medical Examiners, Funeral Directors, Organ Procurement Organizations. We may disclose your PHI to a coroner, medical examiner, funeral director or, if you are an organ donor, to an organization involved in the donation of organs and tissue.
Disaster Relief. We may disclose your PHI to assist in a disaster relief effort.
Fundraising Activities. We may use certain PHI to contact you in an effort to raise money for our operations. We may also disclose demographic information and dates of health care to a business associate or foundation related to us so that the foundation may contact you to raise money for us. You may choose to opt out of receiving this information by so informing the Beaufort Memorial Hospital Director of Marketing and Communications.
Health Oversight Activities. We may disclose your PHI to a health oversight agency for oversight activities authorized by law. These may include, for example, audits, investigations, inspections and licensure actions or other legal proceedings. These activities are necessary for government oversight of the health care system, government payment or regulatory programs, and compliance with civil rights laws.
Health-Related Benefits and Services. We may use or disclose PHI to inform you about health-related benefits and services that may be of interest to you.
Individuals Involved in Your Care or Payment for Your Care. Unless you object, we may disclose your PHI to a family member, other relative, or close personal friend who is involved in your care. If you are present and have the capacity to make health care decisions, we may use or disclose this information to notify these individuals of your location, general condition, or death, as long as we have obtained your agreement, given you an opportunity to object and you do not, or it is reasonable to infer from the circumstances that you do not object. If you are not present or are unable to agree or object due to incapacity or an emergency situation, we may exercise our professional judgment to determine whether disclosure of information relevant to the individual’s involvement in your care is in your best interests.
Judicial and Administrative Proceedings. We may disclose your PHI that is expressly authorized by a court or administrative order. We may disclose your PHI in response to a subpoena, discovery request, or other lawful process that is not accompanied by an order of a court or administrative tribunal if we have satisfactory assurance that you have been given notice of the request or to obtain an order or agreement protecting the information.
Law Enforcement. We may disclose your PHI for certain law enforcement purposes, including:
• As required by law to comply with reporting requirements;
• To comply with a court order, warrant, subpoena, summons, investigative demand or similar legal process;
• to identify or locate a suspect, fugitive, material witness, or missing person (limited to certain categories of PHI);
• When information is requested about the victim of a crime if the individual agrees or under other limited circumstances;
• To report information about a suspicious death;
• To provide information about criminal conduct;
• To report information in emergency circumstances about a crime; or
• Where necessary to identify or apprehend an individual relevant to a violent crime or escape from lawful custody.
Military and Veterans. If you are a member of the armed forces, we may use and disclose your PHI as required by military command authorities. We may also use and disclose PHI about foreign military personnel as required by the appropriate foreign military authority.
National Security and Intelligence Activities: Protective Services for the President and Others. We may disclose PHI to authorized federal officials conducting national security and intelligence activities or as needed to provide protection to the President of the United States, certain other persons or foreign heads of states or to conduct special investigations.
Public Health Activities. We may disclose your PHI for public health activities. These activities may include, for example, the following:
• Reporting to a public health or other government authority for preventing or controlling disease, injury or disability, or reporting child abuse or neglect;
• Reporting to the federal Food and Drug Administration (FDA) concerning adverse events or problems with products for tracking products in certain circumstances, to enable product recalls or to comply with other FDA requirements, or
• Notifying a person who may have been exposed to a communicable disease or may otherwise is at risk of contracting or spreading a disease or condition.
Reporting Victims of Abuse, Neglect or Domestic Violence. If we believe that you have been a victim of abuse, neglect or domestic violence, we may use and disclose your PHI to notify a government authority if required or authorized by law, or if you agree.
Research. We may allow PHI to be used or disclosed for research purposes provided that the researcher adheres to certain privacy protections. Your PHI may be used for research purposes only if the privacy aspects of the research have been reviewed and approved by a special Privacy Board or Institutional Review Board, if the researcher is collecting information in preparing a research proposal, if the research occurs after your death, or if you authorize the use or disclosure.
To Avert a Serious Threat to Health or Safety. We may use and disclose your PHI when we believe in good faith that the disclosure is necessary to prevent a serious threat to your health or safety or the health or safety of the public or another person. However, any disclosure would be made only to someone we, in good faith, reasonably believe is able to help prevent or lessen the threat.
Other uses and disclosures of PHI not covered by this Notice will be made only with your written Authorization. If you give us written Authorization to use or disclose your PHI, you may revoke that Authorization, in writing, at any time. If you revoke your Authorization, we will no longer use or disclose your PHI for the purposes covered by the Authorization other than those described in the Notice. You understand that we are unable to take back any disclosures we have already made in reliance on the Authorization.
Most uses and disclosures of psychotherapy notes (where appropriate), PHI for marketing purposes, and disclosures regarding a sale of PHI require authorization, and other uses and disclosures not described in this Notice will be made only with your authorization.
You have the following rights regarding your PHI:
Right of Access to PHI. You have the right to inspect and obtain a copy of your medical or billing records or other written information that may be used to make decisions about your care, subject to limited exceptions such as psychotherapy notes or information compiled in anticipation of litigation. Your request for access must be made in writing and must be submitted to Beaufort Memorial Hospital Health Information Services Department on a form that is available in their office. We may charge a reasonable fee for our costs in copying and mailing your requested information.
We may deny your request to inspect or receive copies in certain limited circumstances. Access may be denied, for instance, to protect the confidentiality of another individual, to safeguard information covered by the Privacy Act, or in other circumstances outlined by the Privacy Rule. If you are denied access to PHI, in some cases you will have a right to request review of the denial, such as those that are based upon endangerment to another individual or those involving a reference to another individual. This review would be performed by a licensed health care professional we designate who did not participate in the decision to deny your initial request.
Right to a Paper Copy of This Notice. You have the right to obtain a paper copy of this Notice, even if you have agreed to receive this Notice electronically. You may request a copy of this Notice at any time. You may obtain a copy of this Notice at our website: https://www.bmhsc.org/patients-and-visitors/for-patients/request-medical-records/notice-of-privacy-practices
Right to an Accounting of Disclosures. You have the right to request an “accounting” of our disclosures of your PHI. This is a listing of certain disclosures of your PHI made by us or by others on our behalf, but does not include disclosures for payment, treatment, and health care operations or certain other exceptions.
To request an accounting of disclosures, you must submit a request in writing, stating a time period beginning after April 14, 2003 that is within six years from the date of your request. An accounting will include, if requested: the disclosure date; the name of the person or entity that received the information and address, if known; a brief description of the information disclosed; a brief statement of the purpose of the disclosure or certain summary information concerning multiple similar disclosures. The first accounting provided within a 12-month period will be free; for further requests, we may charge you our costs.
You have a right to or will receive notifications of breaches of your unsecured PHI should that event occur. This notice will come to you from the HIPAA privacy officer.
Right to Request Amendment. You have the right to request us to amend any PHI we maintain for as long as the information is kept by or for us. You must make your request in writing and must state the reason for the requested amendment. We may deny your request for amendment if the information:
• was not created by us, unless the originator of the information is no longer available;
• is not a part of the designated record set (e.g. medical or billing records) maintained by or for us;
• is not a part of the information to which you have a right of access; or
• is already accurate and complete, as we determine.
If we deny your request for amendment, we will give you a written denial including the reason for the denial and the right to submit a written statement disagreeing with the denial.
Right to Request Confidential Communications. You have the right to request that we communicate with you concerning PHI in a certain manner or at a certain location. For example, you can request that we contact you only at a certain phone number. We will accommodate your reasonable requests. You must make your request in writing and specify how and where you wish to be contacted.
Right to Request Restrictions. You have the right to request restrictions in writing on our use or disclosure of your PHI for payment, treatment, or health care operations.
You also have the right to restrict the PHI we disclose about you to a family member, friend, or other person who is involved in your care or the payment for your care. We are not required to agree to your requested restriction (except that while you are competent you may restrict disclosures to family members or friends) (and except that we must agree to restrict a disclosure of PHI to your insurance company/health plan if the disclosure would be for payment or health care operations purposes and is not otherwise required by law to be disclosed and we are paid in full for it by you (or a person acting on your behalf). If we do agree to accept your requested restriction, we will comply with your request except as needed to provide you emergency treatment.
Beaufort Memorial Hospital must follow both federal and state law to the extent they do not conflict with one another. HIPAA generally will take precedence over state laws that are contrary to HIPAA unless (1) the state law relates to the privacy of PHI and offers protections greater than those available to you under HIPAA or (2) the state law provides for the reporting of disease or injury, child abuse, birth, or death, or for the conduct of public health. In those cases, the state law will take priority over HIPAA.
The following are just a few examples of some common situations where South Carolina or other federal laws require us to protect or share your information:
If you receive treatment for drug or alcohol use in a federally funded rehabilitation center, federal laws prevent us from releasing that information, except in certain situations. One or more of our facilities and services are subject to inspection by state and federal agencies and accreditation representatives who may review patient health information, which we are required to provide (you may have certain rights to object to review of your record).
If you believe that your privacy rights have been violated, you may submit a complaint in writing to Beaufort Memorial Hospital HIPAA privacy officer or you may file a complaint with the Secretary of the U. S. Department of Health and Human Services (Office of Civil Rights). We will provide you with the address to file your complaint with the U. S. Department of Health and Human Services upon request. We support your right to privacy of your PHI. We will not retaliate against you if you file a complaint with us or with the U. S. Department for Health and Human Services (Office of Civil Rights).
We reserve the right to change our privacy practices and the terms of this Notice at any time. The revised Notice will be effective for all PHI we already received as well as for all PHI we receive in the future. We will post a copy of the current Notice in the administrative office of Beaufort Memorial Hospital. In addition, we will post a copy of the revised Notice on our web site and provide a copy to you upon request. Please make your request for a copy of this Notice to Beaufort Memorial Hospital privacy officer.
We have designated the compliance officer as the HIPAA privacy officer. If you have any questions about this Notice or would like further information concerning your privacy rights, the HIPAA Privacy Officer may be contacted at: 955 Ribaut Rd, 4th floor, Beaufort, SC 29902 or via telephone at (843) 522-5108.