HIPAA & Privacy

This official notice regarding HIPAA and privacy laws describes how health information about you may be used and disclosed, and how you can get access to this information. Please review it carefully.

ECMCC Notice of Privacy Practices

Effective: April 14, 2003

Revised: August 1, 2021 (Download)

If you have any questions about this notice, please contact our Privacy Officer:

Erie County Medical Center Corporation

Attention: Privacy Officer
462 Grider Street
Buffalo, NY 14215
Privacy Hotline: 1-855-222-0758
Hotline Website: www.lighthouse-services.com/ecmc
Email: PrivacyOfficer@ECMC.edu

Attention: Health Information Management Department
462 Grider Street
Buffalo, NY 14215

Who Will Follow This Notice

This notice describes the practices of our facilities and that of:

  • Erie County Medical Center, Terrace View and Erie County Medical Center Outpatient Clinics. All these entities, sites and locations follow the terms of this notice, including but not limited to telehealth. In addition, these entities, sites and locations may share medical information with each other for treatment, payment or operations as described in this notice.
  • Any health care professional authorized to enter information into your medical record.
  • Persons permitted by law to access your medical record, such as representatives of the Mental Hygiene Legal Service in matters of Behavioral Health.
  • Any member of a volunteer group we allow to help you while you are within the organization.
  • All employees, staff and other personnel.

Our Responsibility to You Regarding Your Medical Information

We understand that medical information about you is personal. We are committed to protecting the privacy of your medical information. In order to comply with certain legal requirements, we are required to:

  • Keep your medical information private.
  • Provide you with a copy of this notice.
  • Follow the terms of this notice.
  • Notify you if we are unable to agree to a restriction that you have requested.
  • Accommodate your reasonable requests to communicate your medical information by alternative means or at alternative locations.
  • Notify you following a breach of your unsecured medical information, as required by law.

How We May Use and Disclose Your Health Information

Erie County Medical Center Corporation will generally obtain your written authorization before using your health information or sharing it with others outside the hospital. You may also initiate the transfer of your records to another person by completing a written authorization form. If you provide us with written authorization, you may revoke that written authorization at any time, except to the extent that we have already relied upon it. To revoke a written authorization, please write to the ECMCC Privacy Officer, 462 Grider Street Buffalo, NY 14215 to revoke such authorization.

There are some situations when we do not need your written authorization before using your health information or sharing it with others. They are:

Treatment

  • We may use and disclose medical information about you for your treatment. For example, a doctor treating you for a broken leg may need to know if you have diabetes because diabetes may slow the healing process. We may also disclose medical information about you to people, places and entities beyond our Care Partners who may be involved in your medical care after you leave our facility. For example, we may give your physician access to your medical information to assist your physician in treating you.

Payment

  • We may use and disclose medical information about you for payment purposes (as in a collection action on an unpaid claim). For example, we may give your health plan information about a surgery you received so your health plan will pay us or reimburse you for that surgery.

Health Care Options

  • We may use and disclose medical information about you to support our health care operations. For example, we may use medical information to review our treatment and services and evaluate the performance of our staff in caring for you.

How Information May be Used or Disclosed to You

We may communicate to you in a number of ways; we may utilize SMS texting, email, mail, ECMCC smart phone apps, phone calls and/or voicemail messages including but not limited to the below:

Appointment Reminders

  • We may use your medical information to contact you to remind you of scheduled appointments

Treatment Alternatives

  • We may use and disclose medical information about you to tell you about or recommend possible treatment options or alternatives that may be of interest to you.

Health-Related Products or Services

  • We may use and disclose your medical information to tell you about our health related products or services that may be of interest to you.

Fundraising Activities

  • We may use your medical information to contact you to solicit support for certain fundraising activities related to our operations. You will haveanopportunity to opt-out of receiving such communications or you can call the Privacy hotline at 1-855-222-0758.

How Will My Information Be Used or Disclosed to Family & Friends

Erie County Medical Center Corporation may use your health information in, and disclose it from, our Patient Directory where applicable, or share it with family and friends involved in your care, without your written authorization. ECMCC will always give you an opportunity to object unless there is insufficient time because of a medical emergency (in which case we will discuss your preferences with you as soon as the emergency is over). ECMCC will follow your wishes unless we are required by law to do otherwise.

Hospital Directory

  • Unless you tell us otherwise, we will list your name, location in the facility, general condition, and religious affiliation in a hospital directory, if applicable. This information may be provided to members of the clergy and, except for religious affiliation, to other people who ask for you by name, including members of the media. If you would like to opt-out of being in the hospital directory, please notify the admission staff.

Family & Friends

  • We may release medical information about you to a family member, friend, or any other person involved in your medical care. We may also give information to those you identify as responsible for payment of your care.

How Will My Information Be Used or Disclosed Without Your Authorization Outside Treatment: Payment & Operations

We may use or disclose medical information about you without your prior authorization for several other reasons. Subject to certain requirements, we may give out medical information about you without your prior authorization for the following purposes:

Research

We may use and disclose medical information about you for research purposes.

  • All research projects are subject to a special approval process through an appropriate committee.
  • ECMCC is prohibited from using or disclosing genetic information of an individual for underwriting purposes (45 CFR 164.520(b)(1)(iii)(C)). Even without special approval, we may permit researchers to look at records to help them identify patients who may be included in their research project or for other similar purposes, as long as they do not remove or take a copy of any Health Information.

Required by Law

We may disclose medical information when required by law, such as in response to a request from law enforcement in specific circumstances or in response to valid judicial or administrative orders.

Public Health

We may disclose your medical information for public health activities.These disclosures generally include the following:

  • To public health authorities to prevent or control disease, injury, ordisability;
  • public health agencies, or other authorized entities, as permitted by state law, that maintain registries of certain information, such as immunization registries, forpurposes of conducting public health surveillance, public health investigations, and public health interventions;
  • to report births and deaths;
  • to report the abuse or neglect of children, elders, and dependent adults;
  • to notify you of recalls of products you may be using;
  • to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition;
  • to notify the appropriate government authority if we believe a competent adult patient has been the victim of abuse, neglect, or domestic violence (we will only make this disclosure if you agree or when required by law).

To Avert a Serious Threat to Health or Safety

We may use and disclose medical information about you when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.

Law Enforcement

We may disclose medical information about you to law enforcement officials upon their request:

  • in response to a court order, subpoena, warrant, investigative demand, or othersimilar process;
  • to help identify or locate a suspect, fugitive, material witness, or missing person; NOTICE OF PRIVACY PRACTICES Page 3 of 4
  • about the victim of a crime if, under certain limited circumstances, we are unable to obtain the victim’s agreement;
  • about a death we believe may be the result of criminal conduct;
  • about criminal conduct occurring on our premises;
  • in emergency circumstances to report a crime, the location of the crime or victims, or the identity, description, or location of the person who committed the crime.

Health Oversight

We may disclose your medical information to health oversight agencies for purposes of legally authorized health oversight activities, such as audits and investigations necessary for oversight of the health care system and government benefit programs.

Business Associates

We may disclose Health Information to our business associates that perform functions on our behalf or provide us with services if the information is necessary for such functions or services. For example, we may use another company to perform billing services on our behalf. All of our business associates are obligated to protect the privacy of your information and are not allowed to use or disclose any information other than as specified in our contract.

Notification

We may use or disclose your information to notify or assist in notifying a family member, personal representative, or another person responsible for your care, of your location and general condition.

Funeral Directors, Medical Examiners, and Coroners

We may disclose medical information to funeral directors, coroners or medical examiners consistent with applicable law in order for them to carry out their duties.

Lawsuits and Disputes

If you are involved in a lawsuit or dispute, we may disclose medical information about you in response to a court or administrative order. We may also disclose medical information about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request (which may include written notice to you) or to obtain an order protecting the information requested.

Organ and Tissue Donation

Consistent with applicable law, we may disclose medical information to organ procurement organizations or other entities for the purpose of tissue donation and transplant.

Health Information Exchange

We participate in a health information exchange (HIE) and may electronically share your medical information for treatment, payment and health care operations purposes with other participants in the HIE. HIE’s allow your health care providers to efficiently access and use medical information necessary for your treatment and other lawful purposes. The inclusion of your medicalinformation in an HIE is voluntary and subject to your consent.

Military and Veterans

If you are a member of the armed forces, we may release medical information about you as required by military command authorities. We may also release medical information about foreign military personnel to the appropriate foreign military authority.

National Security

We may release medical information about you to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law.

Multidisciplinary Personnel Teams

We may disclose medical information to a multidisciplinary personnel team relevant to the protection, identification, management or treatment of (i) an abused child and the child’s parents, or (ii) elder abuse and neglect.

Food and Drug Administration (FDA)

We may disclose certain medical information to the FDA relative to reporting adverse events.

Workers’ Compensation

We may disclose medical information necessary to comply with laws relating to workers’ compensation or other similar programs established by law.

Correctional Institutions

Should you be an inmate of a correctional institution, we may disclose medical information necessary for your health and the health and safety of other individuals to the institution or its agents.

Special Categories of Information

In some circumstances, your medical information may be subject to restrictions that may limit or preclude some uses or disclosures described in this notice. For example, there are special restrictions on the use or disclosure of certain types of medical information (e.g., HIV test results, mental health records, and alcohol and substance abuse treatment records). Government health benefit programs, may also limit the disclosure

Other Uses or Disclosures of Medical Information

Other uses and disclosures of medical information not covered by this Notice or the laws that apply to us will be made only with your written authorization. If you provide us your authorization to use or disclose medical information about you, you may revoke that permission, in writing, at any time. However, we are unable to take back any disclosures we have already made with your permission. Your health information may also be disclosed to the Secretary of Department of Health and Human Services for the purpose of investigating or determining compliance with HIPAA. If you have any concerns about the uses of your medical information, please feel free to discuss the issues with your health care providers. If you have questions about this Notice, please call the Privacy Hotline at 1-855-222-0758.

Your Rights Regarding Your Health Information

You have the following rights regarding medical information we maintain about you:

  • To request in writing a restriction on certain uses or disclosures of your medical information for treatment, payment or health care operations (e.g., a restriction on who may access your medical information).Although we will consider your request, we are not legally required to agree to a requested restriction, except we must agree to your written request that we restrict a disclosure of information to a health plan if the information relates solely to an item or service for which you have paid out of pocket in full. We are required to abide by such a request, unless we are required by law to make the disclosure. It is your responsibility to notify any other providers about this restriction.
  • To obtain a paper copy of this notice upon request, even if you have agreed to receive this notice electronically, by contacting the privacy officer PrivacyOfficer@ECMC.edu.
  • To inspect and obtain a copy of your medical information, in most cases. If you request a copy (paper or electronic), we may charge you a reasonable, cost- based fee.
  • To request in writing an amendment to your records if you believe the information in your record is incorrect or important information is missing. We could deny your request to amend a record if the information was not created by us, is not maintained by us, or if we determine the record is accurate. Even if we deny your request for amendment, you have the right to submit a written addendum with respect to any item or statement in your record you believe is incomplete or incorrect.
  • To obtain an accounting of disclosures stating who and where you’re medical information has been disclosed for purposes other than treatment, payment, health care operations or where you specifically authorized a use or disclosure in the past six (6) years. The request must be in writing and state the time period desired for the accounting. After the first request, there may be a charge for additional requests made within a twelve (12) month period.
  • To request that medical information about you be communicated to you in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail, must be summited in writing.
  • All written requests or appeals should be submitted to the applicable Privacy Officer or Health Information Department listed below.

Changes to This Notice

We reserve the right to change this notice at any time. We have the right to make the revised notice effective for any medical information we already have as well as any information we receive in the future. If we make a material change to this notice, we will post the revised notice at our location where you receive services and on our website and make the revised notice available upon request.

Complaints

If you have any questions or would like additional information, or if you believe your privacy rights have been violated, you can contact the Privacy Officer listed below. All complaints to the Department of Health and Human Services must be submitted in writing. You will not be penalized for filing a complaint.

You are now leaving ECMC.edu

Erie County Medical Center Corporation (ECMCC) is not responsible for the content, privacy policy, accuracy or legality of any website accessed through a link on www.ecmc.edu. A link to another website does not constitute an endorsement, guarantee or approval by ECMCC of the linked website, or the information, products or services contained therein.