- Information We Collect and How We Collect It
- Voluntarily Provided. In the course of visiting and using the Site, you may provide personal information. In the course of doing so, you may be asked for information about yourself, including your name, email address, mailing address, date of birth, or other personally identifiable information (“Personal Information”). You may also provide voluntary information when submitting an inquiry, asking us to provide information to you, or applying for a job. You may choose whether to disclose Personal Information, but you may not be able to use the Site without disclosing it. We may collect information you send us, use pseudonymous identifiers, aggregate it, and/or de-personalize it.
- Technologically Gathered. We may collect some information automatically as you navigate the Site. We may combine information about your use with information about others’ use to generate aggregated information about visitors as a group. In particular, we employ Google Analytics and Facebook Pixels to collect user demographics, which helps inform us about our users’ ages, genders, and preferences. We may also collect and store your IP address, your operating system version, your browser version, the pages you visit within the Site, the length of time you spend on pages within the Site, the site from which you linked to ours, search terms you used in search engines which resulted in you linking to the Site, etc. We may review this information and use it to view and create reports to assist us with analyzing our users’ preferences and patterns.
- "WEB BEACONS" are small bits of code embedded in web pages or emails that assist in delivering cookies. Web beacons help us determine whether a page on this Site has been viewed and, if so, how many times. Although you cannot decline to receive web beacons when visiting a web page, you can choose not to receive web beacons by email if you disable HTML images or refuse HTML email messages, but you may not be able to experience all portions of the Site or service.
- "LOG FILES": The Site server automatically recognizes the Internet URL from which you access this Site. We may also log your Internet protocol ("IP") address for system administration and troubleshooting purposes. (An IP address indicates the location of your computer on the Internet.)
- FACEBOOK PIXELS AND GOOGLE ANALYTICS. We employ Google Analytics and Facebook Pixels to collect user demographics and online behaviors, which helps inform us about our users and their preferences. Our use of Google Analytics is discussed below. We also share information about your use of the Site with our social media, advertising, and analytics partners.
- How We Use the Information
Generally, we use information collected through the Site to enhance and personalize the Site, to communicate with you via email, to improve, administer, customize, and/or maintain the Site, to understand our users’ preferences and patterns, and to carry out our obligations and enforce our rights. The disclosure of such information is on the basis of legitimate interests. We may use your depersonalized information to conduct market research and analysis for ourselves and for others or disclose information about demographics or use of our Site in a way that does not personally identify you. We may also use your Personal Information to contact you with service messages about our services or those of our affiliates. We will only email or text you with marketing information where you have consented to receive it. We do not use Personal Information to make automated decisions.
- Disclosure to Third Parties
There are limited times when we may disclose your Personal Information, primarily to enforce legal rights or when authorized by you.
- Opt-out / California Residents. California Civil Code Section 1798.83 permits users of the Site who are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. ScionHealth does not share personal information with third parties for direct marketing purposes unless specifically permitted herein. To opt out of having your personal information shared for direct marketing purposes, please send an email to firstname.lastname@example.org, or write us at:
Attn: Legal, California Privacy Request
680 S. 4th Street
Louisville, KY 40202-2412
- Outside the EEA. ScionHealth is based in the United States. By sharing your Personal Information with ScionHealth, you are transmitting your Personal Information outside the European Economic Area and to the United States. If ScionHealth shares your information with other persons or entities as described above, such recipients are also located outside the European Economic Area and in the United States.
4. Basis for Processing Information
We process data with your consent or when we have a legitimate basis for doing so.
5. Managing Your Information
Your Rights, Generally. You have certain rights with respect to your Personal Information. We strive to provide you with access to your Personal Information that we hold so long as the burden or expense of doing so is not disproportionate to the risks to your privacy and where the rights of others would not be violated. Specifically, you have the right to access a copy of the Personal Information we collect from you and to verify, update, or correct it (including to have obsolete information removed); rectify, modify, erase, and/or export your Personal Information; object to the processing of your Personal Information; request data portability; and the right to lodge a complaint with the supervisory authority. To the extent we process your Personal Information based upon your consent, you have the right to withdraw your consent at any time by contacting us. You may also request information about how we have processed your Personal Information that we have retained, how we have used it, and to whom we have disclosed it by contacting us. The mechanisms below provide you with certain options about how to exercise control over your Personal Information:
- Accessing, Modifying, or Deleting Your Personal Information. You may request a copy of your Personal Information in electronic format and free of charge by sending us a written request. Upon your request, we will remove your Personal Information from our records related to this Site. If you wish to update/correct Personal Information or remove your Personal Information from our records, please send your request to us via email at email@example.com or via postal mail at:
Attn: Compliance, Online Records Update
680 S. 4th Street
Louisville, KY 40202-2412
- Opting Out. If you are in the European Economic Area, we will only send you marketing emails if you have given us your explicit consent. You may choose to opt out of receiving marketing emails from us at any time by sending your request to us via email at firstname.lastname@example.org or via postal mail at the address listed above, or by using the means (such as clicking “unsubscribe”) provided in our emails.
- Do Not Track. Some browsers have a “do not track” feature that, when enabled, signals websites and online services that you do not wish to be tracked. We take no action in response to web browser signals and other mechanisms that enable consumers to exercise choice about behavioral tracking because there is still no acceptance standard for how to respond to them.
6. Data Protection
We take the protection of your Personal Information seriously. While we endeavor to safeguard your Personal Information, we cannot guarantee absolute security. You acknowledge and agree that we shall not be liable for any security breach that results from causes or events that are beyond our control, such as acts of God, hacking, terrorism, power outages, defects in third party security products and services, your own acts or omissions, and other similar events. Please be aware that no security measures are perfect or impenetrable, so security is not guaranteed.
Internet Explorer: http://windows.microsoft.com/en-US/windows-vista/Block-or-allow-cookies
8. Web Analytics
For website analysis, this website uses Google Analytics, a web analytics service provided by Google LLC (www.google.com). This serves to safeguard our legitimate interests in optimizing the representation of our offer that are predominant in the context of weighing our interests. Google Analytics uses methods that allow you to analyze the use of the website, such as cookies. The automatically collected information about your use of this website is usually transmitted to and stored on a Google server in the United States. By activating IP anonymization on this website, the IP address will be shortened prior to transmission within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the United States and shortened there. The anonymized IP address provided by Google Analytics within the framework of Google Analytics will generally not be merged with other data provided by Google.
Google LLC is headquartered in the US and is certified under the EU-US Privacy Shield. A current certificate can be viewed here. Under the agreement between the United States and the European Commission, the latter has established an appropriate level of data protection for companies certified under the Privacy Shield.
You can prevent the collection of the data (including your IP address) generated by the cookie and related to your use of the website from Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en. As an alternative to the browser plug-in, you can click on this link to prevent the collection by Google Analytics on this website in the future. An opt-out cookie is stored on your device. If you delete your cookies, you must click the link again.
9. Data Retention
We may keep your Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained.
This Site is not intended for use by children under the age of 18 and we do not knowingly collect information from children under the age of 18 on this Site. If we discover that any information is collected from a child under the age of 18, such information will be immediately removed from our Website. If you are concerned about your child’s use of the Site, you may use web-filtering technology to supervise or limit access to the Site.
11. European Union
For purposes of the General Data Protection Regulation, with respect to information collected through this Site, we are generally the data controller and you may contact us at the contact information set forth below. We use, process, or share your Personal Information upon the lawful basis of contract, consent, legal obligation, and/or our legitimate interests. We may use the services of third party data processors to process personal data in accordance with the purposes identified. We are based in the United States. Therefore, when we collect your Personal Information, it may be transferred to the United States and we process it in the United States.
13. Contact Information
NOTICE OF PRIVACY PRACTICES
Effective Date: July 19, 2013
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Understanding Your Medical Record and Your Health Information
ScionHealth is committed to protecting the privacy and safeguarding the security of your protected health information. Each time you receive services from ScionHealth or one of its affiliates (together, an affiliated covered entity), we record information that identifies you and relates to your medical condition, provision of health care, or payment for your treatment. Typically, this record consists of your medical history, symptoms, examination, observations, test results, diagnosis, care summaries, treatment, and future care plans. Understanding your health information and how it is used is important in maintaining its accuracy and confidentiality. This notice pertains to our workforce members and other health care providers we work with in a clinically integrated setting (e.g., members of our medical and clinical staff) and other participants in our organized health care arrangements, and pertains to uses and disclosures of your protected health information whether made verbally, on paper, or electronically, including through a health information exchange operated by ScionHealth or a business associate.
How We May Use and Disclose Your Health Information
Federal privacy laws allow ScionHealth to use and disclose your health information for the following reasons or to the following entities:
- Treatment – We may use and disclose your health information to provide, coordinate or manage your treatment and related services, including disclosures to doctors, nurses, technicians, students, volunteers, or other personnel involved in your care. We may disclose your health information to other providers to facilitate the care they provide you. For example, we may share your health information to coordinate your health care and related services, such as care summaries, prescriptions, lab work and x-rays.
- Payment – We may use and disclose your health information so that the treatment and services you receive are billed to and payment is collected from you, an insurance company or a third party. For example, we may tell your health plan about your treatment plans to obtain prior approval or determine whether your plan will cover the treatment.
- Health Care Operations – We may use and disclose your health information for our health care operations. These uses and disclosures allow us to continually improve the quality and effectiveness of your care. For example, we may use and disclose your health information to review our treatment and services, manage your care, and evaluate the performance of our staff and others caring for you. We may also combine your health information with health information from others so that our quality improvement team and other participants in our organized health care arrangements can identify improvements in the care and services you receive.
- Facility Directory Purposes – If you receive services in a ScionHealth facility, we may include certain limited information about you in a facility directory while you are a patient. This information may include your name, location in the facility, general condition (e.g., fair, stable, etc.) and religious affiliation. The directory information, except for your religious affiliation, may be released to people who ask for you by name. Your religious affiliation may be given to a member of the clergy, such as a priest or rabbi, even if they don’t ask for you by name. The facility directory is used so your family, friends and clergy can visit you and generally know how you are doing. If you would like to opt out of being in the directory, please contact the Privacy and Security Contact.
- To Family Members and Others Involved in Your Care – Unless you object, we may disclose to a member of your family, a relative, a close friend or any other person you identify, your health information that directly relates to that person’s involvement in your health care. If you are unable to agree or object to such a disclosure, we may disclose information as necessary if we determine that it is in your best interest based on our professional judgment. We may use or disclose health information to notify or assist in notifying a family member, personal representative, or any other person responsible for your care of your location, general condition, or death.
- Disaster Relief – We may use or disclose your health information to an authorized public or private entity to assist in disaster relief efforts to coordinate notifying your family members of your location, general condition or death.
- Incidental Disclosures – Some incidental disclosures of your health information may occur during otherwise permitted use or disclosure of your health information. For example, a visitor may overhear a discussion about your care at the nursing station. We have implemented appropriate safeguards to protect the privacy of your information, such as keeping those conversations at a quiet volume.
- As Required by Law – We may disclose your health information when we are required to do so by federal, state or local law.
- Public Health Activities – We may disclose your health information to appropriate bodies for public health activities, including preventing or controlling disease, reporting adverse events, product defects, or for Food and Drug Administration reporting. We may provide required immunization records to a school with agreement from a parent, guardian or other representative.
- Crime, Abuse and Neglect Reporting – We may disclose your health information to a government authority if we reasonably believe you have been a victim of a crime or a victim of abuse, neglect or domestic violence.
- Health Oversight Activities – We may disclose your health information to a health oversight agency for activities such as audits; investigations; licensure or disciplinary actions; or for civil, administrative or criminal proceedings.
- Judicial and Administrative Proceedings – We may disclose your health information in response to a court or administrative tribunal order. We may also disclose your health information in response to a subpoena, discovery request, or other lawful process once efforts have been made to tell you about the request or obtain an order protecting the information requested.
- Law Enforcement Purposes – In certain circumstances, we may disclose your health information for law enforcement purposes to a law enforcement official including disclosures for identification and location purposes; pertaining to crime victims; if we suspect a death occurred as a result of a crime; if we believe a crime occurred on the premises; or to alert law enforcement in certain medical emergencies.
- Coroners, Medical Examiners, and Tissue Donation – We may disclose your health information to identify a deceased person or determine the cause of death, to funeral directors to assist in their duties, or to organ procurement organizations to facilitate organ, eye or tissue donation and transplantation.
- Research – We may use and disclose your health information to researchers in certain circumstances, such as research that has been approved through a special process designed to protect your health information privacy.
- To Avert a Serious Threat to Health or Safety – We may use and disclose your health information when necessary to prevent a serious and imminent threat to your health and safety or the health and safety of the public or another to someone able to help prevent the threat.
- Specialized Government Functions – We may use and disclose your health information for some military and veteran activities, such as to military authorities if you are or were previously a member of the armed forces. We may also disclose information when requested by federal officials for national security or intelligence activities or for the protection of certain public officials.
- Correctional Institutions – If you are an inmate, we may disclose your health information to your custodial correctional institution or law enforcement officials in certain circumstances.
- Workers’ Compensation – We may disclose your health information to comply with laws relating to workers' compensation or similar programs.
- Communication - We may contact you to provide appointment and refill reminders, alternative treatments, and other health-related services such as disease management programs and community-based services that may be of interest to you.
- Business Associates – Service providers with whom we have contracted to provide a service on our behalf may create, receive, maintain or transmit your health information once they agree in writing to protect the privacy and security of your health information.
- To Health and Human Services – We may disclose your health information to the Secretary of Health and Human Services for compliance reviews and complaint investigations.
- Fundraising – We may use limited health information to contact you for fundraising activities. For example, we may contact you to raise funds for a ScionHealth foundation. You have the right to opt out of receiving such communications by providing us notice through one of the opt out methods we provide.
- Marketing – With a few exceptions, we must have your written authorization to use or disclose your health information to make a communication about a product or service that encourages the recipients of the communication to purchase or use the product or service. For example, we may communicate with you face-to-face regarding services that may be of interest and provide you with promotional gifts of nominal value.
- Psychotherapy Notes – We must have your written authorization to use or disclose your psychotherapy notes except for certain treatment, payment and health care operations purposes, if the disclosure is required by law or for health oversight activities, or to avert a serious threat.
- Sale of Protected Health Information – With few exceptions, we must have your written authorization for any disclosure of your health information that is a sale of protected health information and we must notify you that we will be paid for the disclosure.
- Other Uses and Disclosures – Other uses and disclosures not described in this Notice will be made only with your written authorization unless otherwise required or permitted by law.
- Revoking an Authorization – You may revoke an authorization at any time in writing, except to the extent that we have relied on the authorization to disclose your health information or in certain circumstances when the authorization was obtained as a condition of obtaining insurance coverage.
Your Health Information Rights
Although your medical record is the property of ScionHealth, the information belongs to you. You have legal rights regarding your health information, which are described below. Your legal rights include a:
- Right to Inspect and Copy – With some exceptions, you have the right to inspect and obtain a digital or hard copy of your health information maintained in your designated record set. We may charge a fee for the associated cost of labor, mailing, or other supplies. We may deny your request to inspect and copy in certain limited circumstances. If you are denied access, you may request a review of the denial.
- Right to Amend – If you believe the health information we have about you is inaccurate or incomplete, you have the right to request an amendment of your health information. This right exists as long as we keep this information. You must provide a reason that supports your request. We may deny your request for an amendment in some circumstances.
- Right to an Accounting of Disclosures – You have the right to obtain a listing of certain disclosures we have made of your health information. You can request an accounting of these disclosures made for up to 6 years prior to the date of your request. The first request in a 12-month period is provided at no cost to you. There may be a charge for subsequent requests within the same 12-month period. We will notify you of the cost involved so you may withdraw or modify your request before incurring any costs.
- Right to Request Restrictions – You have the right to request restrictions on the use or disclosure of your health information for treatment, payment and health care operations. You also have the right to request a restriction on disclosures about you to someone who is involved in your care or the payment for your care, like a family member or friend. We are not required to agree to your request except when you 1) request a restriction to your health plan for payment or health care operations purposes, and the disclosure is not otherwise required by law, and 2) the request pertains solely to a health care item or service for which we have been paid out-of-pocket in full. If we do agree to a requested restriction, we will comply with your request unless the information is needed to provide you emergency treatment. You will need to notify other providers if you want them to abide by the same restrictions.
- Right to Receive Confidential Communications – You have the right to request to receive communications of health information by alternate means or at alternative locations. We will accommodate all reasonable requests.
- Right to a Paper Copy of this Notice – You may request a paper copy of this Notice at any time, even if you have agreed to receive this Notice electronically.
All requests made under this section must be made in writing to the ScionHealth facility/location where you receive or received care to the attention of the Privacy and Security Contact.
We are required by law to maintain the privacy of protected health information, provide you with this Notice of our legal duties and privacy practices with respect to protected health information, and to notify you if you are affected by a breach of unsecured protected health information.
We are required to abide by the terms of this Notice while it is in effect. We reserve the right to change the terms of our Notice and to make the new Notice provisions effective for all protected health information that we maintain. If we change the terms of our Notice, we will make copies of the new Notice available to you and post a copy of the new Notice in a prominent location in our facilities and on our website.
State Law Requirements
Certain state health information laws and regulations, such as those dealing with mental health, HIV/AIDS or drug and alcohol records, may be more stringent that the federal privacy laws and further limit the uses and disclosures of your health information described above.
If you believe your privacy rights have been violated, you may complain to ScionHealth or to the Secretary of Health and Human Services. You may file a complaint with the Privacy and Security Contact at the facility or location where you are or were receiving services or you may file a complaint using ScionHealth’s Compliance Hotline at (844) 760-5835. You will not be retaliated against for filing a complaint.
If you have questions about this Notice, please contact the facility or location where you are or were receiving care and request to speak to the Privacy and Security Contact. You may also contact ScionHealth’s Compliance Department at (800) 545-0749.