Legal Affairs

Operations Division

Notice of Privacy Practices

PDF Format, 1.1 MB

The broad mission and extensive scope of operations of the app,򾺲app of Regents of the University System of Georgia, including the constituent colleges and universities of the University System of Georgia (collectively, the “app,򾺲app”), necessitates that the app,򾺲app collect, maintain, and, where necessary, disseminate health information regarding the app,򾺲app’s students, employees, volunteers, and others. For example, the app,򾺲app collects medical information through its various medical and dental hospitals, clinics, and infirmaries, through the administration of its various medical and life insurance programs, and through its various environmental health and safety programs. The app,򾺲app protects the confidentiality of individually identifiable health information that is in its possession. Such health information, which is protected from unauthorized disclosure by app,򾺲app policies and by state and federal law, is referred to as “protected health information,” or “PHI.”

PHI is defined as any individually identifiable health information regarding an employee’s, a student’s, or a patient’s medical/dental history; mental or physical condition; or medical treatment. Examples of PHI include patient name, address, telephone and/or fax number, electronic mail address, social security number or other patient identification number, date of birth, date of treatment, medical treatment records, medical enrollment records, or medical claims records.

The app,򾺲app will follow the practices that are described in this Notice of Privacy Practices (“Notice”). The app,򾺲app reserves the right to change the terms of this Notice and of its privacy policies, and to make the new terms applicable to all PHI that it maintains. Before the app,򾺲app makes an important change to its privacy policies, it will promptly revise this Notice and post a new Notice in conspicuous locations.

Permitted Uses and Disclosures of PHI

The following categories describe the different ways in which the app,򾺲app may use or disclose your PHI. We include some examples that should help you better understand each category.

The app,򾺲app may receive, use, or disclose your PHI to administer your health and dental benefits plan. Please be informed that the app,򾺲app, under certain conditions and circumstances, may use or disclose your PHI without obtaining your prior written authorization. An example of this would be when the app,򾺲app is required to do so by law. Other examples are presented below.

For Treatment
The app,򾺲app may use and disclose PHI as it relates to the provision, coordination, or management of medical treatment that you receive. The disclosure of PHI may be shared among the respective healthcare providers who are involved with your treatment and medical care. For example, if your primary care physician needs to use/disclose your PHI to a specialist, with whom he/she consults regarding your condition, this would be permitted.
For Payment
The app,򾺲app may use and disclose PHI to bill and collect payment for healthcare services and items that you receive. The app,򾺲app may transmit PHI to verify that you are eligible for healthcare and/or dental benefits. The app,򾺲app may be required to disclose PHI to its business associates, such as its claims processing vendor, to assist in the processing of your health and dental claims. The app,򾺲app may disclose PHI to other healthcare providers and health plans for the payment of services that are rendered to you or to your covered family members by such providers or health plans.
For Healthcare Operations

The app,򾺲app may use and disclose PHI as part of its business operations. As an example, the app,򾺲app may require a healthcare vendor partner (referred to as a “business associate”) to survey and assess constituent satisfaction with healthcare plan design/coverage. Constituent survey results assist the app,򾺲app in evaluating quality of care issues and in identifying areas for needed healthcare plan improvements. Business associates are required to agree to protect the confidentiality of your individually identifiable health information.

The app,򾺲app may disclose PHI to ensure compliance with applicable laws. The app,򾺲app may disclose PHI to healthcare/dental providers and health/dental plans to assist them with their required credentialing and peer review activities. The app,򾺲app may disclose PHI to assist in the detection of healthcare fraud and abuse. Please be reminded that the list of examples that are provided are not intended to be either exhaustive, or exclusive.

As Required by Law and Law Enforcement
The app,򾺲app must disclose PHI when required to do so by applicable law. The app,򾺲app must disclose PHI when ordered to do so in a judicial or administrative proceeding. The app,򾺲app must disclose PHI to assist law enforcement personnel with the identification/location of a suspect, fugitive, material witness, or missing person. The app,򾺲app must disclose PHI to comply with a law enforcement search warrant, a coroner’s request for information app,򾺲app his/her investigation, or for other law enforcement purposes.
For Public Health Activities and Public Health Risks
The app,򾺲app may disclose PHI to government agencies that are responsible for public health activities and to government agencies that are responsible for minimizing exposure to public health risks. The app,򾺲app may disclose PHI to government agencies that maintain vital records, such as births and deaths. Additional examples in which the app,򾺲app may disclose PHI, as it relates to public health activities, include assisting in the prevention and control of disease; reporting incidents of child abuse or neglect; reporting incidents of abuse, neglect, or domestic violence; reporting reactions to medications or product defects; notifying an individual who may have been exposed to a communicable disease; or, notifying an individual who may be at risk of contracting or spreading a disease or condition.
For Health Oversight Activities
The app,򾺲app may disclose PHI to a government agency that is authorized by law to conduct health oversight activities. Examples in which the app,򾺲app may disclose PHI, as it relates to health oversight activities, include assisting with audits, investigations, inspections, licensure or disciplinary actions, and other proceedings, actions or activities that are necessary to monitor healthcare systems, government programs, and compliance with civil rights laws.
Coroners, Medical Examiners, and Funeral Directors
The app,򾺲app may disclose PHI to coroners, medical examiners, and funeral directors for the purpose of identifying a decedent; for determining a cause of death; or, otherwise as necessary, to enable these parties to carry out their duties consistent with applicable law.
Organ, Eye, and Tissue Donation
The app,򾺲app may release PHI to organ procurement organizations to facilitate organ, eye, and tissue donation and transplantation.
Research
Under certain circumstances, the app,򾺲app may use and disclose PHI for medical research purposes.
To Avoid a Serious Threat to Health or Safety
The app,򾺲app may use and disclose PHI to law enforcement personnel or other appropriate persons. The app,򾺲app may use and disclose PHI to prevent or lessen a serious threat to the health or safety of a person or the public.
Specialized Government Functions
The app,򾺲app may use and disclose PHI for military personnel and veterans, under certain conditions, and if required by the appropriate authorities. The app,򾺲app may use and disclose PHI to authorized federal officials for intelligence, counterintelligence, and other national security activities. The app,򾺲app may use and disclose PHI for the provision of protective services for the President of the United States, other authorized persons, or foreign heads of state. The app,򾺲app may use and disclose PHI to conduct special investigations.
Workers’ Compensation
The app,򾺲app may disclose PHI for worker’s compensation and similar programs. These programs provide benefits for work-related injuries or illnesses.
Appointment Reminders/Health Related Benefits and Services
The app,򾺲app and/or its business associates may use and disclose your PHI to various other business associates that may contact you to remind you of a healthcare or dental appointment. The app,򾺲app may use and disclose your PHI to business associates that will inform you of treatment program options, or, of other health related benefits/services such as disease state management programs.
Disclosures for HIPAA Compliance Investigations
The app,򾺲app must disclose your PHI to the Secretary of the United States Department of Health and Human Services (the “Secretary”) when so requested. The Secretary may make such a request of the app,򾺲app to investigate its compliance with privacy regulations of the federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).

Uses and Disclosures of Your PHI to Which You Have an Opportunity to Object

You have the opportunity to object to certain categories of uses and disclosures of PHI that the app,򾺲app may make:

Patient Directories
Unless you object, the app,򾺲app may use some of your PHI to maintain a directory of individuals in its hospitals or provider facilities. This information may include your name, your location in the facility, your general condition (e.g. fair, stable, etc.), and your religious affiliation. Religious affiliation may be disclosed to members of the clergy. Except for religious affiliation, the information that is maintained in a patient directory may be disclosed to other persons who request such information by referring to your name.
Disclosures to Individuals Involved in Your Health Care or Payment for Your Health Care
Unless you object, the app,򾺲app may disclose your PHI to a family member, another relative, a friend, or another person whom you have identified as being involved with your healthcare, or, responsible for the payment of your healthcare. The app,򾺲app may also notify these individuals concerning your location or condition.
Fundraising Activities
Unless you object, the app,򾺲app may disclose your PHI to contact you for fundraising efforts to support the app,򾺲app, its related foundations, and/or its cooperative organizations. Such disclosure would be limited to personal contact information, such as your name, address and telephone number. The money raised in connection with these fundraising activities would be used to expand and support the provision of healthcare and related services to the community.

If you object to the use of your PHI in any, or all, of the three instances identified above, please notify your campus or facility privacy officer, in writing.

Other Uses and Disclosures of Your PHI For Which Authorization is Required

Certain uses and disclosures of your PHI will be made only with your written authorization. Please be advised that there are some limitations with regard to your right to object to a decision to use or disclose your PHI.

Regulatory Requirements

The app,򾺲app is required, by law, to maintain the privacy of your PHI, to provide individuals with notice of the app,򾺲app’s legal duties and PHI privacy practices, and to abide by the terms described in this Notice. The app,򾺲app reserves the right to change the terms of this Notice and of its privacy policies, and to make the new terms applicable to all PHI that it maintains. Before the app,򾺲app makes an important change to its privacy policies, it will promptly revise this Notice and post a new Notice in conspicuous locations. You have the following rights regarding your PHI:

  • You may request that the app,򾺲app restrict the use and disclosure of your PHI. The app,򾺲app is not required to agree to any restrictions that you request, but if the app,򾺲app does so, it will be bound by the restrictions to which it agrees, except in emergency situations.

  • You have the right to request that communications of PHI to you from the app,򾺲app be made by a particular means or at particular locations. For instance, you might request that communications be made at your work address, or by electronic mail, rather than by regular US postal mail. Your request must be made in writing. Your request must be sent to the privacy officer on your campus or facility. The app,򾺲app will accommodate your reasonable requests without requiring you to provide a reason for your request.

  • Generally, you have the right to inspect and copy your PHI that the app,򾺲app maintains, provided that you make your request in writing to the privacy officer on your campus or your facility. Within thirty (30) days of receiving your request (unless extended by an additional thirty (30) days), the app,򾺲app will inform you of the extent to which your request has, or, has not been granted. In some cases, the app,򾺲app may provide you with a summary of the PHI that you request, if you agree in advance to a summary of such information and to any associated fees. If you request copies of your PHI, or agree to a summary of your PHI, the app,򾺲app may impose a reasonable fee to cover copying, postage, and related costs.

  • If the app,򾺲app denies access to your PHI, it will explain the basis for the denial. The app,򾺲app will explain your opportunity to have your request and the denial reviewed by a licensed healthcare professional (who was not involved in the initial denial decision). This healthcare professional will be designated as a reviewing official. If the app,򾺲app does not maintain the PHI that you request, but it knows where your requested PHI is located; it will advise you how to redirect your request.

  • If you believe that your PHI maintained by the app,򾺲app contains an error or needs to be updated, you have the right to request that the app,򾺲app correct or supplement your PHI. Your request must be made in writing to the privacy officer on your campus or in your facility. Your written request must explain why you desire an amendment to your PHI.

  • Within sixty (60) days of receiving your request (unless extended by an additional thirty (30) days), the app,򾺲app will inform you of the extent to which your request has, or, has not been granted. The app,򾺲app generally can deny your request, if your request for PHI: (i) is not created by the app,򾺲app, (ii) is not part of the records the app,򾺲app maintains, (iii) is not subject to being inspected by you, or (iv) is accurate and complete.

  • If your request is denied, the app,򾺲app will provide you a written denial that explains the reason for the denial and your rights to: (i) file a statement disagreeing with the denial, (ii) if you do not file a statement of disagreement, to submit a request that any future disclosures of the relevant PHI be made with a copy of your request and the app,򾺲app’s denial attached, and (iii) complain about the denial.

  • You generally have the right to request and receive a list of the disclosures of your PHI that the app,򾺲app has made at any time app,򾺲app the six (6) years prior to the date of your request (provided that such a list would not include disclosures made prior to April 14, 2003).

  • The list will not include disclosure for which you have provided a written authorization, and will not include certain uses and disclosures to which this Notice already applies, such as those: (i) for treatment, payment, and health care operations, (ii) made to you, (iii) for the app,򾺲app’s patient directory or to persons involved in your healthcare, (iv) for national security or intelligence purposes, or (v) to correctional institutions or law enforcement officials.

  • You should submit any such request to the privacy officer on your campus or in your facility. Within sixty (60) days of receiving your request (unless extended by an additional thirty (30) days), the app,򾺲app will respond to you regarding the status of your request. The app,򾺲app will provide the list to you at no charge. If you, however, make more than one request in a year, you will be charged a fee for each additional request. You have the right to receive a paper copy of this notice upon request, even if you have agreed to receive this notice electronically. This notice may be found at the app,򾺲app website address, http://www.usg.edu/legal. To obtain a paper copy of this notice, please contact your campus or facility privacy officer.

  • You may complain to the app,򾺲app if you believe your privacy rights, with respect to your PHI, have been violated by contacting the privacy officer on your campus or in your facility. Your must submit a written complaint. The app,򾺲app will in no manner penalize you or retaliate against you for filing a complaint regarding the app,򾺲app’s privacy practices. You also have the right to file a complaint with the Secretary of the Department of Health and Human Services. You may contact the Secretary by calling 1-866-627-7748 (outside of metropolitan Atlanta) or (404) 562-7886 (in metropolitan Atlanta).

If you have any questions about this notice, please contact the Human Resources office on your campus or in your facility.

For additional information, please contact the privacy officer on your campus or facility.

Effective Date: April 14, 2003

↑ Top