Compliance With HIPAA

Compliance With Health Insurance Portability And Accountability Act ("HIPAA")

Patient Privacy at UnityPoint Health

Protecting the privacy of our patients' information is a key part of our goal to provide the best outcome for every patient every time. Across the United States, the privacy of patients' health information is protected by a federal law and regulations (commonly referred to as "HIPAA") that establish minimum standards for maintaining the privacy and security of patients' information. In addition, the states where we treat our patients also have state laws that provide additional protections for certain types of health information. At UnityPoint Health, we have a compliance program that includes policies implementing patient privacy and security requirements mandated under federal and state law. We provide training to our employees on the importance of complying with these policies and regularly conduct audits to confirm the effectiveness of our privacy and security compliance policies.

If you have questions regarding our privacy and security program or the use of your information, please contact the privacy officer for the facility where you received treatment.

Frequently Asked Questions Regarding our Notice of Privacy Practices

1. Who will follow these privacy practices? Our rules to protect your privacy will be followed by all workforce members of the site where you are being treated, as well as physicians and other health care practitioners with permission to provide services at our sites who are independent of UnityPoint Health Affiliate. For a full list of the facilities covered under the Notice of Privacy Practices, please see Appendix A in the Notice of Privacy Practices.

2. What Health Information Is Covered Under This Notice? This Notice covers health information at UnityPoint Health that may be written (such as a hard copy medical record file), spoken (such as physicians discussing treatment options) or electronic (such as billing records kept on a computer).

3. How Can UnityPoint Health Use Your Health Information? The law allows UnityPoint Health to use or share your health information for routine activities without requiring your permission, such as:

  • For treatment
  • For payment
  • To run the hospital or physician group
  • For appointment reminders and communications

The law also allows UnityPoint Health to use and share health information without your permission for other limited reasons, including:

  • Public health activities
  • Some research activities
  • Health and safety reasons
  • Organ and tissue donation requests
  • Law enforcement requests
  • Some marketing and fundraising activities
  • Uses and sharing permitted or required by law

4. What Activities Require Your Written Permission? If UnityPoint Health needs to use or disclose your health information for other purposes not described in this frequently asked questions guide or the attached full Notice of Privacy Practices, UnityPoint Health must ask for your written authorization.

5. What Activities Do You Have a Right to Object To? In many circumstances, you may have the right to object before we do the following:

  • Share your information with family members, friends or others involved in your care
  • List your name, room number and condition in a directory available to hospital visitors, as well as list your religion in a directory available to clergy members.

6. What Are Your Privacy Rights as a Patient? You have the right to.

  • Get a copy of your medical and billing records
  • Ask us to change your medical and billing records if you think we made a mistake
  • Request a preferred method of contact (for example, having calls go to your cell phone rather than to your home or work)
  • Get a list of certain health information shared for reasons other than treatment, billing or our health care operations with other persons or organizations
  • Receive a paper copy of our Notice of Privacy Practices (you can request one from any registration desk)
  • Ask us to limit the information we share (but note that we may not be able to grant requests beyond what the law requires)
  • Complain in writing to us if you believe your privacy rights have been violated