HEALTH CARE AUTHORITY OF THE CITY OF OXFORD, ALABAMA

Notice of Privacy Practices

IMPORTANT: THIS NOTICE DESCRIBES HOW YOUR MEDICAL INFORMATION MAY BE USED AND DISCLOSED AND HOW YOU CAN OBTAIN ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.  

The Health Care Authority of the City of Oxford, Alabama (Oxford Health Systems), is required by law to maintain the privacy of your protected health information (PHI). We must provide you with the attached detailed Notice of Privacy Practices Notice explaining our legal duties and privacy practices concerning your PHI.  

Uses and Disclosures of PHI:

The Health Care Authority of the City of Oxford, Alabama, may use your PHI for treatment, payment, and health care operations, in most cases, without your written permission. Examples of our use of your PHI:  

For Treatment:

This disclosure includes verbal and written information we obtain about you and your medical condition and treatment provided by other medical personnel and us (including nurses and physicians who give orders to allow us to provide treatment to you). It also includes information we give to other health care personnel to whom we transfer your care and treatment and consists of the transfer of PHI via radio or telephone to the hospital or dispatch center as well as providing the hospital with a copy of the written record we create in the course of providing you with treatment and transport.  

For Payment:

We may use and disclose your PHI for any activities we must undertake to get reimbursed for the service that we provide to you. This use includes organizing your PHI, submitting bills to insurance companies (either directly or through a third-party billing company), managing billed claims for services rendered, performing medical necessity determinations and reviews, and collecting outstanding accounts. We may also disclose PHI to another healthcare provider or entity that receives the PHI (such as your hospital).

For Healthcare Operations:

For quality assurance activities, licensing, and training programs to ensure our personnel meet standards of care and follow established policies and procedures. To obtain legal and financial services, conduct business planning, process grievances and complaints, and create reports that do not individually identify you for data collection purposes, fundraising and marketing.  

Other uses of your PHI we can make without authorization.

  • For healthcare fraud and abuse detection or activities related to compliance with the law;
  • To a family member, other relatives, close personal friend, or other individual involved in your care;
  • To a public health authority in certain situations (such as reporting a birth, death, or disease, as required by law), as part of a public health investigation, to report adverse events such as product defects, or to notify a person about exposure to possible communicable disease, as required by law;
  • For health oversight activities, including audits or other actions undertaken by the government (or their contractors) by law to oversee the healthcare system;
  • For judicial and administrative proceedings, as required by a court or in some cases in response to a subpoena or other legal process;
  • For law enforcement activities in limited situations, such as when there is a warrant for the request or when the information is need to locate a suspect or stop a crime;
  • To avert a serious threat to the health and safety of a person or the public.
  • For workers’ compensation purposes and in compliance with workers’ compensation laws;
  • To coroners, medical examiners, and funeral directors for identifying a deceased person, determining the cause of death, or carrying out their duties as authorized by law;
  • If you are an organ donor, we may release health information to organizations that handle organ procurement or organ donation and, as necessary, facilitate organ donation and transplantation.

Uses and Disclosures of your PHI that require your written authorization

Any other use or disclosure of PHI other than those listed above will only occur with your written consent, and you may revoke this authorization at any time by contacting us. Specifically, we must obtain your written permission before using or disclosing; (a) psychotherapy notes, other than for carrying out our treatment, payment, or health care operation purposes, (b) PHI for marketing communication or when engaging in a sale of your PHI.  

Your rights regarding your PHI

As a patient, you have several rights concerning your PHI, including; Right to access, copy, or inspect your PHI. You have the right to inspect and obtain a paper or electronic copy of most of the PHI we collect and maintain about you. You also have the right to request that we transmit your PHI to a third party. Requests for access to your PHI or to share your PHI with a third party should be made in writing to our HIPAA Compliance Officer and by filling out an access request form.  

Right to request an amendment of your PHI:

You have the right to ask us to amend PHI that we maintain about you. Requests for amendments to your PHI must be in writing, and you should contact our HIPAA Compliance Officer if you wish to request an amendment.

Right to request an accounting of certain disclosures of your PHI

You may request an accounting of certain disclosures of your PHI. The Health Care Authority of the City of Oxford, Alabama, will provide an accounting of those disclosures we must account for under HIPAA. If you wish to request an accounting of your PHI disclosures subject to the accounting requirement, you should contact our HIPAA Compliance Officer and request it in writing.  

Right to request restrictions on the uses and disclosures of your PHI

You have the right to request that we restrict how we use and disclose your PHI for treatment, payment, or healthcare operation purposes or to restrict the information provided to family, friends, and other individuals involved in your healthcare. However, we must only abide by a requested restriction under limited circumstances. It is generally our policy that we will not agree to any restrictions unless the law requires such. If you wish to request a restriction on the use or disclosure of your PHI, you should contact our HIPAA Compliance Officer and request it in writing.

Right to notice of a breach of unsecured PHI

If we discover that there has been a breach of your unsecured PHI, we will notify you about that breach by first-class mail sent to the most recent address that we have on file. If you prefer to be notified by electronic mail, please contact our HIPAA Compliance Officer to make The Health Care Authority of the City of Oxford, Alabama, aware of this preference and to provide a valid email address to send the electronic notice.

Right to request confidential communications

You have the right to request that we send your PHI to an alternate location (e.g., somewhere other than your home address) or in a specific manner (e.g., by email rather than regular mail). If you request that we communication PHI to a particular location or specific format, you should contact our HIPAA Compliance Officer and request in writing.

Revisions to this notice

The Health Care Authority of the City of Oxford, Alabama must abide by the terms of the version of this notice currently in effect. However, The Health Care Authority of the City of Oxford, Alabama, reserves the right to change the terms of this notice at any time. The changes will be effective immediately and apply to all PHI we maintain, and we will promptly post notice of any material changes. You can get a copy of the latest version of this notice by contact our HIPAA Compliance Officer.

Your legal rights and complaints

You may complain to the secretary of the United States Department of Health and Human Services or us.

If you file a complaint with the government or us, there will be no retaliation against you.  

If you have any questions or if you wish to file a complaint or exercise any rights listed in this notice, contact:

Isaac H. Jones, Chief Administrative Officer, Oxford Health Systems, 2011 Bynum Blvd., Eastaboga, Alabama 36260

Electronic Privacy Policy

Who we are

Our website address is: https://oxfordhealthsystemsprimarycare.tempurl.host.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where your data is sent

Visitor comments may be checked through an automated spam detection service.