Atrium Health

ENTERPRISE NOTICE OF PRIVACY PRACTICES

THIS NOTICE DESCRIBES HOW YOUR HEALTH INFORMATION MAY BE USED AND DISCLOSED AND HOW YOU CAN ACCESS YOUR HEALTH INFORMATION. PLEASE REVIEW IT CAREFULLY.

Last updated August 6, 2021

PROTECTING YOUR PRIVACY

At Atrium Health, we understand that your health information is personal and we are committed to protecting your privacy. This Notice describes how your health information may be used and disclosed, how we protect your information and your rights under the Health Insurance Portability and Accountability Act (“HIPAA”). We are required by law to:

  • Maintain the privacy of your health information as outlined in this Notice
  • Provide you with notice of our legal duties and privacy practices related to your health information
  • Follow the terms of the Notice currently in effect

Atrium Health reserves the right to change this Notice. A copy of the most current Notice and other information referenced in it will be available by accessing our website at www.AtriumHealth.org/For-Patients-Visitors/Privacy. We will refer to this web address as our “Privacy Page” throughout the Notice.

WHO FOLLOWS THIS NOTICE

This Notice is followed by Atrium Health and its affiliated covered entities (ACE), which include healthcare facilities and other providers that are under our common ownership or control. A current list of ACE members can be found at our Privacy Page. These locations share information with each other as necessary to carry out treatment, payment, healthcare operations, and other purposes described in this Notice. Our employees, volunteers, contractors, and medical staff members also follow this Notice while they are handling your patient information for us or while providing healthcare services at our locations. We are also an academic medical center, which means our faculty, residents, fellows, students, and trainees also follow this Notice while they are learning with us. Note that independent providers are legally separate and responsible for their own acts; Atrium Health is not responsible for how they provide care or handle your information.

HOW YOUR INFORMATION IS USED AND SHARED

Atrium Health follows all applicable laws related to protected health information. While not every use and disclosure of your health information can be described in this Notice, we have highlighted the most common ones below.

For Treatment

We may use and share your health information to provide, coordinate, or manage your health care and related services, both with our own providers and with others, including outside providers, involved in your care. For example, your surgery team may need to know if you have diabetes so they can work with a dietitian to get you low sugar meals while you are in the hospital. Our case managers may need to share your diabetes diagnosis with outside providers and community agencies so they can support your recovery after discharge. We might also share your information with a registry to gain insights about how to improve the way we treat diabetes.

We may use and share your health information to tell you about possible treatment options or alternatives that may interest you. For example, if you have cardiac issues, we may tell you about exercise resources or apps that could support your heart health. In many situations, you sign up directly with a vendor to use the apps, not through Atrium Health. We encourage you to carefully review any terms of use that may apply to the apps or other tools that you may use, as we are not responsible for what they do with your information.

For Payment

We may use and share your health information with others to bill and collect payment for the services we provide to you, such as with billing vendors, collection agencies, insurance companies, health plans and their agents, and consumer reporting agencies. For example, if you broke your leg, we may need to share information about your condition, the supplies used, and the services you received (such as X-rays or surgery) with your health plan so they can pay your bill. We may also contact payors before you receive scheduled services, such as to confirm your procedure qualifies for coverage. Unless you specifically tell us otherwise, we will assume you want us to bill your insurance that is on file in our records.

For Health Care Operations

We may use and share your health information to carry out business activities that help us operate our health system, improve the quality and cost of patient care, and conduct other health care operations. For example, we may look at patient information to evaluate the performance of our staff, plan new services, identify new locations for services, or to send you a survey. We may use and disclose your health information to comply with this Notice and with applicable laws, or in connection with a transaction or sale affecting all or part of our business. We can also share your information with other providers who have a relationship with you for their own health care operations, even if they are not affiliated with us.

Communicating With You

We may use and share health information to contact you about treatment, care, or payment. For example, we may use the phone numbers (including mobile) and email addresses we have on file to send you phone calls, emails, text messages, or other communications related to your care. We may also send you appointment or check-up reminders, information about upcoming health screening events, research information, or contact you to ask for feedback regarding your care at Atrium Health. These messages may be sent using automated dialing and/or pre-recorded messages. You have the right to opt out of receiving these messages. To opt out of text messages, please follow the opt out prompt in the text message or for more information, see our Privacy Page. If you send us unencrypted emails or texts, you understand there are security risks in doing so and you accept those risks.

Business Associates

Sometimes, we hire other people and companies, known as business associates, to help us perform services and manage our operations. Examples include medical record copy services or storage companies, healthcare monitoring companies, collection agencies, software companies, and medical directors. We need to share health information with these vendors so they can perform the job we have asked them to do. They must sign a contract that requires them to protect your health information and keep it confidential, which they are also required to do by law.

Other Health Care Arrangements (OHCAs and ACOs)

Atrium Health participates in organized health care arrangements (OHCAs), such as with medical staff and care coordinators while at our locations, and in affordable care organizations (ACOs). These arrangements allow us to share information with other entities and providers that participate in a clinically integrated setting. We do this to provide better care and achieve value; for treatment, payment, and health care operations purposes; and, for joint activities of the participating entities and providers. Please see our Privacy Page for more information.

Special Situations

Some state and federal laws provide additional privacy protections for certain health information. For example, some states give unemancipated minors the legal right to consent to certain types of care and protect the privacy of that minor’s information when they consent to and receive that care, with some exceptions. When a state law or other federal law requires us to give more protection to your health information than this Notice or HIPAA requires, we will give that additional protection to your health information. For example, at Substance Use Treatment locations and Behavioral Health facilities, additional federal and state laws may apply which provide additional protections. More detailed information is available at our Substance Use Treatment Locations and at Behavioral Health facilities.

Additional Uses and Disclosures of Your Health Information

Federal and state laws allow us to use or disclose your health information without your permission in certain situations. These include:

  • As required by local, state or federal law, such as to report gunshot wounds or respond to a subpoena
  • As required by government agencies for health oversight activities, such as to state regulators and health agencies
  • To avert a serious and imminent threat to health or safety to you or to someone else
  • For organ tissue donation purposes, such as to an organ procurement organization when a patient is an organ donor
  • For public health activities, such as to the CDC or health department to prevent or control a communicable disease
  • For a legal proceeding, such as if we are required to respond to a warrant or court order
  • To law enforcement and correctional institutions, such as in response to certain crimes or to find a missing person
  • For disaster relief purposes, such as to the American Red Cross or FEMA in the event of a natural disaster, such as in a hurricane or a public emergency
  • For workers’ compensation claims as allowed by state law

Authorization for Other Uses of Health Information

Before we use or share your health information for a purpose that is not covered by this Notice or required or permitted by law, we will ask for your written permission. For example, we will ask for your authorization to use or share psychotherapy notes as defined by HIPAA, to use your health information for marketing purposes, or to share your information in a way that would be considered the sale of health information. Note that we may remove or combine individual identifiers so the information becomes anonymous; once it is anonymous, we can use or share it without permission.

YOUR RIGHTS TO OPT OUT OF OR OBJECT TO CERTAIN USES OR DISCLOSURES

Fundraising Activities

We may use some of your health information to identify causes you may care about and wish to support through a donation to advance patient care, health care education, and research. This information may include your contact, demographic, and insurance information; date(s) and location of treatment; provider name; and if you would be likely to support our charitable causes. You have the right to opt out of fundraising communications by contacting our development offices at the information listed on our Privacy Page. To help us honor your request, please include your name, address, and phone number. Opting out of fundraising communications will not affect your ability to obtain health care at Atrium Health. Note: Your household may still receive general fundraising materials from us that do not require use of protected health information.

Health-Related Benefits and Services

We may use and disclose your information to tell you about health-related benefits or services that may be of interest to you. For example, if you just had a baby, we may use that information to send you tips for caring for a newborn or resources for new Moms. As a general rule, we do not sell your information or get paid by vendors to communicate with you without your written authorization. You may choose not to receive any communication from us that encourages you to purchase or use any particular product or service by contacting us at AtriumHealth.org/Contact-Us.

Facility Directory

We may include your name, your location in the hospital, and your general condition (e.g., good, fair, serious, etc.) in our hospital directory while you are a patient. We will share this directory information with people who ask for you by name. We can also share your religious affiliation with clergy affiliated with your faith, regardless of whether they ask for you by name. To opt out of being included in the facility directory, please notify the staff member registering you or providing your care. The opt out only applies to that encounter and you will have to make a new request to opt-out if you would like to be removed from the directory during your next stay.

Individuals Involved in Your Care or Payment

We may share your health information with a family member, personal representative, a health care power of attorney, a legal guardian, friend, or other person you identify or who is involved in your care or payment for that care. For example, if you bring a sibling to your appointment or have a friend pick you up from a procedure and you do not object to them hearing your information, then we can share relevant information with them or with them present. We could also tell your family how to care for you at home or share billing information if they are helping with your bills or covering your services. We may also share information to notify people involved in your care about your location, general condition or death. Some laws also require us to notify those involved in your care that you have been admitted, transferred, or discharged from a facility. To opt out of these notifications, please notify the staff member registering you or providing your care. If you are unable to make decisions for yourself or it is an emergency, we will use our professional judgment to decide if it is in your best interests to share your health information with those involved in your care. In some cases, we may require proof of their authority, such as with a health care power of attorney.

Electronic Records and Health Information Exchanges

Your health information will be stored in our electronic medical record, including Epic, so your care community can help you. Your information may also be available through health information exchanges or through clinically integrated networks that allow member providers to securely exchange health information for treatment purposes. By seeing records of past care received at other locations, providers can make more informed decisions about care plans and avoid duplicative or unnecessary treatment.

We also participate in several health information exchanges (HIEs), including NC Health Connex (hiea.nc.gov/patients). You do not have to participate in an HIE to receive care from us and can opt out, but opting out of an HIE does not stop us from using or sharing your information as described in this Notice. Visit our Privacy Page to learn more about how they share your information and to access the opt out forms. Note that our ability to use and share your information as described in this Notice is not affected by whether or not you participate in an HIE.

Research

We are committed to supporting new knowledge and developing new treatments that benefit our patients. Some of that research requires that we use and disclose certain patient information for varying periods of time. Sometimes, the research only involves looking at data, while other types of research involve the patients themselves. Regardless, all research projects undergo a special approval process that balances the research needs with participants’ privacy and safety. If you would like more information about our research, visit https://ctsi.wakehealth.edu/regulatory/human.

YOUR RIGHTS REGARDING YOUR HEALTH INFORMATION

You have certain rights regarding the health information we maintain about you, which are outlined below. Our Health Information Management Department (HIM) oversees many of these rights. The request forms and instructions are available on the Medical Records / HIM website at atriumhealth.org/for-patients-visitors/medical-records. Your patient portal also has links to some of these request forms and you can access some of your information through your patient portal. If you have any questions, please call HIM at 704-667-9500 or toll-free at 844-383-2109 and they will be happy to help you.

Right to a Copy of Your Health Records

You can ask for a copy of part or all of your medical record, though certain exceptions may apply. For example, if your doctor decides something in your record might endanger you or someone else, your request may be denied in whole or in part. To request a copy of your record, go to the Medical Records/HIM website and submit the Patient Request for Access form. In most cases, you will receive the information within 30 days of when we receive your request, unless we let you know we need another 30 days, such as if the records are in storage. In some situations, there may be a fee for the records.

Right to Revoke or Cancel an Authorization

You can sign an Authorization to give us permission to share your information with others, such as with your employer or a life insurance company. You can revoke (cancel) that permission at any time by going to the Medical Records/HIM website and submitting the Revocation of Authorization for Release of Information form. Once we have processed your revocation, we will no longer use or share your health information under the revoked Authorization. We cannot, however, take back information we have already shared.

Right to Request Changes to Your Health Information

You can ask to change or add information to your health record that you think is wrong or incomplete as long as the information is kept by Atrium Health. For example, you may remember telling the doctor that you fell riding your bike, but the record says you tripped over your dog. To request an amendment, go to the Medical Records/HIM website and submit the Health Information Amendment form. Your provider has the right to decide whether to accept or deny your request in whole or in part. We will let you know the decision within 60 days, though we will let you know if we need another 30 days and why. Regardless of the decision, your amendment request will be noted in your record, as well as your disagreement letter if you choose to send one.

Request an Accounting of Disclosures

You have the right to ask for a list of entities we have shared your information with over the last six years, known as an “accounting of disclosures”. Note the list will not include disclosures made to those involved in treatment, payment, or for health care operations, or certain other disclosures, including those authorized by you. To request an accounting of disclosures, go to the Medical Records/HIM website and submit the Request for Accounting form. You must include the time frame for the request. You can get one accounting of disclosures at no charge every 12 months; after that, there may be a fee. In most cases, we will send the accounting of disclosures within 60 days. If we need an extra 30 days, we will let you know.

Request Restrictions on Sharing Your Information

You have the right to ask that we limit how we use or share your information for treatment, payment or health care operations. You can also ask us to limit sharing information with others involved in your care, such as a family member or friend. To request a restriction, go to the Medical Records/HIM website and submit the Request for Restrictions on Use and Disclosure of Information form. We are not required to agree to your request, except as stated below. If we do agree to the request, the restriction will go into effect when we notify you. Even if we agree, the restriction may not be followed in some situations, such as emergencies or when required by law. If you restrict us from sharing information with your health plan and pay for the visit in advance, we will not share the information for that visit with the plan. We call this a self-pay billing restriction, and this will not affect our ability to share your information for treatment purposes. You must complete certain forms for a self-pay billing restriction at each location of care, and the forms are available at the registration desk.

Request That We Change How We Contact You

You can make reasonable requests to be contacted at different places or in different ways. For example, you may ask that we call you on your cell phone instead of your home number or that we send results to your office instead of your home. To request confidential communications, go to the Medical Records/HIM website and submit the Request for Confidential or Alternative Means of Communication form. You are not required to tell us the reason for your request. We will accommodate reasonable requests, but your request must specify how or where you wish to be contacted.

Right to a Paper Copy of This Notice

You have the right to a paper copy of this Notice upon request. You may also get a copy of this Notice at any time from our Privacy Page, or from the location where you obtained treatment.

Right to Be Notified of a Breach

You have the right to be notified if your unsecured health information is acquired, used, or shared in a manner not permitted under law that results in more than a low risk of compromise to its security or privacy.

CHANGES TO THIS NOTICE OF PRIVACY PRACTICES

We reserve the right to change and update this Notice at any time. The revised Notice will be effective for health information we already have about you, as well as for any health information we create or receive in the future. The effective date is listed on the first page of the Notice and we will post the current copy at each registration location and on our website, www.atriumhealth.org.

COMPLAINTS AND CONTACTS

If you have questions about this Notice or believe we impermissibly shared or used your information or that your rights were denied under HIPAA, you can file a complaint with Atrium Health by calling our main number at 704-355-2000 and asking to speak with the Privacy Department. You can also email us at privacy@atriumhealth.org. You can file a complaint with the Secretary of the Department of Health and Human Services by going to hhs.gov/HIPAA. You will not be punished for filing a complaint.
