Privacy Policy

Privacy, Confidentiality and Release of Health Information

Policy

The medical record is property of the hospital and is maintained for the benefit of the patient, the physician and the hospital. The information in the health record belongs to the patient. It is the responsibility of the hospital to safeguard the information in the record against loss, tampering or use by unauthorized persons. 

Procedure

Privacy, Confidentiality and Release of Information. 

  1. All information concerning patient identification and patient condition is considered protected and confidential. No protected health information shall be released without the express permission of the patient through an approved authorization, consent, or through a court order, is authorized by state or federal law, or in case of urgent or emergent medical treatment by denying access could cause harm to life or limb of the patient. 
  2. Requests for patient records should be processed through trained personnel through the Health Information Department, unless doing so, would or could cause harm to the patient. 
  3. In the State of Minnesota, per Statute, consent forms must be signed and dated for information to be released even to be used for payment, treatment and Health care operations (PTO). HIPAA does not require consent for PTO, but MN does. Consents may be modified, before releasing information for PTO based on a consent, verify that there are no modifications or stipulations that would cause you to withhold the information. 
  4. PTO is defined as: 
    • Payment : Information pertinent to payment including coded or written diagnoses, coded written procedures, and plan of treatments for eligibility determination, risk adjustment, claims management, medical necessity review, and utilization review
    • Treatment : Providing the health care provider with information about the patient’s health for treatment decision making, consultations between provided, referrals and coordination with a third party payer. There must be a patient relationship with said provider, and a need to know.
    • Operations : Providing the authorized personnel with information for Quality improvement, evaluating performance, training, accreditation, licensing, credentialing, medical review, legal services and auditing functions, Business management activities. 
  5. An authorization form must be complete, dated and signed by the patient permitting disclosure of protected health information (PHI) from his/her record to the party or agent specified for any purpose not covered by the consent, or law. Authorizations will be considered void if signed and dated greater than 1 year from date of request. 
  6. Information cannot be released for future treatment. Signed authorization must be dated on or following the information to be released was originated. 
  7. An employee releasing information must make all efforts to only release the minimum necessary information for the purpose stated. It is the burden of the requesting party to ensure that only the minimum necessary information is being requested on their request form. 
  8. Authorization can only be signed by the patient with the exceptions as stated in the law. If the patient is a minor, declared incompetent, rendered unconscious or incapable of managing his/her own health affairs, the guardian, conservator, estate executor; power of attorney may sign the authorization. In the absence of those legally designated, the next of kin may sign in the following priority: Spouse, Parent, adult children, grandparent, and adult brother/sister. 
  9. Once the departmental personnel has proper authorization, photocopies of requested information can be sent for the following charges: 
    • For paper copies $ 19.19 retrieval fee and $1.44 per page, with additional fees for shipping/delivery, certification, notarization, reproduction of photographs and facsimile transmission and State Sale’s tax. 
    • Records saved electronically can be charged $15.00 for a Memory Stick device and $10.00 for CD, plus any mailing costs or sales tax that may apply. 
  10. The following can not be charged for copies:
    • The patient will not be charged for copies of current records up to, but not exceeding, 1 year from date of request . 
    • QIO 
    • Medicare, 
    • VA Facilities, 
    • BCBS of MN, 
    • County Social Services, 
    • Law enforcement for required reporting, 
    • MN Department of Health, 
    • Continuing Education Facilities, 
    • Medical providers for the purpose of continuing care. 
  11. Any PCMC employee releasing information in any form, must document on the request, the documents released, the date the information that was actually released, the name of the person who released the information, and to whom it was released. The release should be attached to the back of the record for which it applies, and scanned into the Electronic Record. 
  12. A bill for payment is also sent with the copies requiring payment, If a company or attorney is known for unpaid requests, payment will be required in advance of the release. 
  13. A Release of Information Log is kept for additional verification. The log shall include: Medical record number, treatment date(s), date received release, date released, requested by, sent by, number of copies released, charges and amount paid. This log can be paper or computerized, but must be maintained permanently. 
    • The patient has a right to be provided with a list of persons who have had access to the their health record, and should be provided to them upon request at no charge, not to exceed 6 years. 
  14. For requests of records from legal authorities including law enforcement and attorney’s need a court order. Subpoena’s from attorneys MUST have a court seal to be honored. (See Chapter 4 of Minnesota Legal Manual) or have a signed patient authorization.
  15. Taking Records to court.
    • When a medical record is to be used in court as evidence, a subpoena duces tecum must be served to the hospital. The hospital may not refuse to bring the record to court. When a subpoena is served, the attending physician shall be notified. 
    • A subpoena issued by an attorney but not court ordered, still requires a valid authorization by the patient. 
    • A representative from the records department or hospital administrator is qualified to take the record to court. One can only verify that the record is that of the patient, and maintained in the course of daily operations. 

Website Privacy Policy

This Privacy Policy tells you why and how Pipestone County Medical Center collects, uses, maintains, and discloses your personal information when using this website (“Site”).  Because Pipestone County Medical Center is a U.S.-based company, our website is controlled and offered from facilities in the United States and is governed accordingly. The data protection rules and rights of government access to data in other countries may be different than those in the United States.

Collection and Use

We may collect personal information from you in a variety of ways, including, but not limited to, when you visit our Site, subscribe to a newsletter, fill out a form, and in connection with other activities, services, features, or resources we may make available on the Site from time to time. You may be asked for, when appropriate, your name, email address, mailing address, phone number, and other information. You may, however, visit our Site anonymously. We will collect personal identification information only if you voluntarily submit such information to us. You may always refuse to provide personal identification information, except that it may prevent you from engaging in certain Site related activities.  Should you provide us with personal identification information, in most instances we will not disclose it without your express consent, or will provide you with an opportunity to say no; however, we may collect, use or disclose personal information without your knowledge or consent in certain limited circumstances, including: (a) when the collection, use or disclosure of personal information is permitted or required by law; (b) when the personal information is available from a public source (e.g., a telephone directory); (c) when we require legal advice from a lawyer; (d) for the purposes of collecting a debt or to protect ourselves from fraud; (e) to investigate an anticipated breach of an agreement or a contravention of law; or (f) if our company is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to service you.

Disclosure

Pipestone County Medical Center does not sell or otherwise share your personal information with anyone else, such as advertising agencies or marketing companies.  We will only share your personal information internally with those staff members who need it to carry out your instructions regarding the receipt of marketing information or other services.

Security

We use security measures to ensure that your personal information is appropriately protected, including physically securing offices where personal information is held; the use of user IDs, passwords, encryption, firewalls; restricting employee access to personal information as appropriate (i.e., only those that need to know will have access; contractually requiring any service providers to provide comparable security measures).

Cookies

Our Site may use “cookies” to help deliver a better user experience. A “cookie” is a small data file that certain websites write to your hard drive when you visit them. A cookie file can contain information such as a user ID that the website uses to track the pages you’ve visited, but the only personally identifiable information a cookie can contain is information you supply yourself.  The type of information we may collect as a result of a cookie being accepted by you is specific to your PC and includes the IP address, the date and time the PC visited the website, what parts of our website were looked at and whether the web pages requested were delivered successfully. This information is anonymous; it represents a computer rather than a person. A cookie cannot read data off of your hard disk or read cookie files created by other websites.  We may use cookies to understand user traffic patterns and to tell us how and when you interact with our website. We may do this in order to determine the usefulness of our Site as well as the effectiveness of the navigational structure. This information is used to customize and improve our Site. If you prefer not to receive cookies from our Site, you may set your browser to warn you before accepting cookies, and refuse the cookie when your browser alerts you to its presence. You can also refuse all cookies by turning them off in your browser. You do not need to leave cookies turned on in order to use our Site, however, by doing so, you may not be able to utilize some features of the website.

Age of Consent

This website is not intended for use by person under the age of majority in their jurisdiction. By using this site, you represent that you are at least the age of majority in your jurisdiction.

Changes to this Privacy Policy

We reserve the right to modify this privacy policy at any time. We will notify you about significant changes in the way we treat your personal information by placing a prominent notice on our website or using the contact information you have provided. Please review any notices carefully. If you do not wish to continue using the website or sharing your personal information, you can request deletion of your personal information by contacting us at:

916 4th Ave. SW
Pipestone, MN 56164
507-825-5811

Questions

Should you have any questions concerning this privacy policy, please contact us.