Privacy and Confidentiality

The privacy of our patients' health information is a core value at Northwell Health.

We respect our patients' right to authorize the release of health information and will only release that information with a valid authorization or when permitted by law. Federal and state laws such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA) provide guidance for patients regarding their privacy rights and the use or disclosure of their medical information. These rights are described in detail in Northwell Health's Notice of Privacy Practices below.

To maintain our patients' trust, we have established safeguards to protect the privacy and security of their personal information. Each of our facilities has a privacy officer who is able to answer patients' questions about the way their health information will be used.

If you have any questions about your privacy rights or the policies we put in place to protect you, please contact the Office of Corporate Compliance at (516) 465-8097.

Notice of Privacy Practices

To see a copy of the notice, please click on the appropriate link:

• Notice of Privacy Practices (English)
• Notice of Privacy Practices (Spanish)

Frequently Asked Questions About Privacy and Confidentiality

What is HIPAA?

HIPAA is an acronym for the Health Insurance Portability and Accountability Act of 1996, a federal law.

What does HIPAA do?

HIPAA protects the privacy and security of patient medical information in both written and electronic form. It also sets the terms for transmitting medical information to other providers and health insurers.

Is Vivo Health Pharmacy required to comply with HIPAA?

Yes. HIPAA applies to:

• Health care providers
• Health care plans (self-insured plans, HMOs, health insurance company coverage, employer health plans, and similar arrangements)
• Health care clearinghouses (entities that standardize health information)

What information is protected under HIPAA?

The HIPAA Privacy Rule protects all individually identifiable health information held or transmitted by a covered entity or its business associate, in any form or medium, whether electronic, paper, or oral. The Privacy Rule calls this "protected health information."

The following examples could be considered individually identifiable information:

• Names
• Geographic subdivisions smaller than a state, including street addresses, cities, counties, precincts, ZIP codes, and equivalent geocodes, except for the initial three digits of a ZIP code in certain situations
• All elements of a date (except for the year) directly related to a patient, including birth date, discharge date, and date of death
• All ages over 89 and all elements of dates indicative of such age — except when such ages and elements are grouped into a single category of age 90 or older
• Telephone numbers
• Fax numbers
• Email addresses
• Social Security numbers
• Medical record numbers
• Health plan beneficiary numbers
• Account numbers
• Certificate or license numbers
• Vehicle identifiers and serial numbers
• Medical device identifiers
• Web URLs
• IP addresses
• Biometric identifiers, including finger and voice prints
• Full-face photographic images and any comparable images
• Any other unique identifying numbers, characteristics, or codes

How is Northwell Health ensuring compliance with HIPAA?

Northwell Health has implemented a number of controls to comply with HIPAA. Some of them are:

• Privacy officers assigned to each of its facilities
• Regular training for the members of its workforce
• Policies and procedures to help protect the privacy and security of patients' individually identifiable health information
• HIPAA-compliant forms
• A Notice of Privacy Practices that is available to all patients

What are my rights as a patient under HIPAA?

Your rights as a patient under HIPAA include:

• The right to receive Northwell Health's Notice of Privacy Practices
• The right to receive and review a copy of your medical information
• The right to ask that your medical information be amended
• The right to ask for restrictions in the use of your health information
• The right to ask for confidential communications
• The right to be notified when your medical information is disclosed
• The right to be notified if the privacy of your protected health information, as defined by HIPAA, has been breached
• The right to file a complaint with Northwell Health or with the U.S. Department of Health and Human Services' Office for Civil Rights if you believe your privacy rights have been violated

How can I request a copy of my medical record from Northwell Health?

Fill out the form to request a copy of your medical record. Submit the completed form to your healthcare provider.

Will all of my information be included in the response to my request for medical information?

Most of the information in your medical record will be included in the response to your request. However, certain portions of your record, such as psychotherapy notes, may not be included in the response. Learn more about this restriction.

How do I request an amendment to my medical information?

You may request an amendment to your medical record if you believe that information in your record is inaccurate. Subject to your health care provider's discretion and applicable law, we will do our best to accommodate all reasonable requests. To request an amendment, please complete the Request for Amendment of Protected Health Information.

How do I request a restriction on the disclosure of my medical information?

To request a restriction, please complete the Request for Confidential Communications and/or Restrictions on Access, Use or Disclosure of Protected Health Information.

Whom should I contact if I have more questions about my privacy rights?

Northwell Health has a staff of compliance and privacy officers who are here to assist you with any questions related to the privacy of your health information. Please call the Office of Corporate Compliance at 516-465-8097 for more information.

Will Northwell Health use my medical information for research purposes?

While you may be asked to participate in research studies as a patient at Northwell Health facilities, Northwell Health will not use your identifiable medical information for research purposes without your prior authorization.

Where can I learn more about HIPAA and patient privacy?

For more information about the privacy of your medical information, visit hhs.gov/ocr.

Whom should I contact if I have a complaint related to the privacy of my medical information?

Northwell Health's Office of Corporate Compliance is here to address any question or concern about the way medical information is handled. We can be reached at:

Office of Corporate Compliance
200 Community Drive
Great Neck, NY 11021
Phone: 516-465-8097
Fax: 516-465-8996

In addition, we offer a toll-free, anonymous, confidential, and nonretaliatory reporting help-line 24 hours a day, seven days a week. Visit northwell.ethicspoint.com or call 800-894-3226.

While we hope you will contact Northwell Health's Office of Corporate Compliance first to address your concerns, you also have the right to contact the Office for Civil Rights to file a complaint.

Office for Civil Rights
U.S. Department of Health and Human Services
Jacob Javits Federal Building
26 Federal Plaza, Suite 3312
New York, NY 10278
Phone: 212-264-3313
Fax: 212-264-3039
TDD: 212-264-2355