Policies
Patient Rights Policy
Patient Rights
This policy defines and outlines the rights of patients and what is considered protected information under the Health Insurance Portability and Accountability of 1996 (HIPAA) and our policies. We have an obligation to ensure that patient data is protected and how use or disclosure of their healthcare information may be done in a compliant way. All Tenet facilities must ensure that the requirements and standards described in this policy are adopted and procedures, methods to monitor the procedures and reporting of the monitored activities are put in place.
- Receive a privacy notice telling them how their protected information will be used and disclosed
- Request to restrict the use and disclosure of their protected information
- Inspect, copy and amend their medical records
- Receive a full accounting of how their protected information was disclosed for the past six years
- File a complaint
- Receive a privacy notice telling them how their protected information will be used and disclosed
- Request to restrict the use and disclosure of their protected information
- Inspect, copy and amend their medical records
- Receive a full accounting of how their protected information was disclosed for the past six years
- File a complaint
- Request to restrict the use and disclosure of their protected information
- Inspect, copy and amend their medical records
- Receive a full accounting of how their protected information was disclosed for the past six years
- File a complaint
- Receive a privacy notice telling them how their protected information will be used and disclosed
- Request to restrict the use and disclosure of their protected information
- Inspect, copy and amend their medical records
- Receive a full accounting of how their protected information was disclosed for the past six years
- File a complaint
- Notice of Privacy Practices (NPP) Standard
- Ensures the patient’s right to receive adequate notice of the uses and disclosures of their protected health information (PHI), of the patient’s privacy rights and Tenet’s legal duties with respect to their PHI. Tenet provides each patient with an NPP that is written in plain language and that contains the elements required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Regulations.
- Patient Right to Access PHI Standard
- Identifies and defines the requirements to be followed to address a patient’s right to access his or her PHI stored in a Designated Record Set. This right is described in some detail in the Tenet Facility’s NPP.
- Patient Right to Amend PHI Standard
- Identifies and defines the requirements to be followed by Tenet to address patients’ right to amend their PHI stored in a Designated Record Set. This right is described in some detail in the Tenet Facility’s NPP.
- Patient Right to Restrict PHI and Request Confidential Communications Standard
- Identifies and defines the requirements to be followed to address patients’ right to restrict PHI that are associated with their Designated Record Set and/or requests to receive confidential communications of their PHI by alternative means or at alternative locations. Patients’ rights to restrict their PHI and receive confidential communications are described in some detail in the Tenet Facility’s NPP including a description of any limitations to these rights.
- Personal Representatives and Minors Standard
- Ensures Tenet treats an individual’s personal representative as the individual with respect to uses and disclosures of the individual’s protected health information, as well as the individual’s rights under the Privacy Rule.
- Accounting of Disclosures Standard
- Ensures the patient or his or her Personal Representative right to request an accounting of all Accountable Disclosures of the patient’s PHI; a listing of all disclosures of an individual’s PHI made by the covered entity or its business associates for up to six years preceding the request.
- Ensures the patient’s right to receive adequate notice of the uses and disclosures of their protected health information (PHI), of the patient’s privacy rights and Tenet’s legal duties with respect to their PHI. Tenet provides each patient with an NPP that is written in plain language and that contains the elements required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Regulations.
- Patient Right to Access PHI Standard
- Identifies and defines the requirements to be followed to address a patient’s right to access his or her PHI stored in a Designated Record Set. This right is described in some detail in the Tenet Facility’s NPP.
- Patient Right to Amend PHI Standard
- Identifies and defines the requirements to be followed by Tenet to address patients’ right to amend their PHI stored in a Designated Record Set. This right is described in some detail in the Tenet Facility’s NPP.
- Patient Right to Restrict PHI and Request Confidential Communications Standard
- Identifies and defines the requirements to be followed to address patients’ right to restrict PHI that are associated with their Designated Record Set and/or requests to receive confidential communications of their PHI by alternative means or at alternative locations. Patients’ rights to restrict their PHI and receive confidential communications are described in some detail in the Tenet Facility’s NPP including a description of any limitations to these rights.
- Personal Representatives and Minors Standard
- Ensures Tenet treats an individual’s personal representative as the individual with respect to uses and disclosures of the individual’s protected health information, as well as the individual’s rights under the Privacy Rule.
- Accounting of Disclosures Standard
- Ensures the patient or his or her Personal Representative right to request an accounting of all Accountable Disclosures of the patient’s PHI; a listing of all disclosures of an individual’s PHI made by the covered entity or its business associates for up to six years preceding the request.
- Notice of Privacy Practices (NPP)
- Provided to patients or representatives that describes
- PHI Use and disclosure
- Patients’ rights about PHI
- Tenet’s legal duties about PHI
- NPP must be written in plain language
- NPP contains key elements outlined in HIPAA
- NPP revisions are made when legal changes occur that impact the policy
- Patient’s Right to Request Restrictions
- Situations where a patient may request that their PHI not be disclosed
- When the facility has been paid out-of-pocket in full by the individual or by another person on the individual’s behalf.
- Situation where patient might be denied restriction
- Paid out-of-pocket unbundled services
- Tenet must counsel patient first
- If unable to do so because unbundling is prohibited and offer ability to pay out of pocket for the entire bundle of services
- If the unbundling of services is more costly
- Situations where restriction may be denied
- Using or disclosing PHI to perform treatment, payment or healthcare operations
- Disclosing PHI to patient’s family, relatives, close friend, or representative
- Disclosing PHI to notify or assist in notifying patient’s family, representative or other caregiver of their location, condition or death
- Disclosing to public or private entities assisting in disaster relief efforts (for coordinating patient’s care and informing family, representatives or care giver of their condition)
- Patient’s Requests for Special Communications
- Communication by alternate means may be requested by a patient
- Request must be made in writing to Tenet
- No explanation is required from the patient
- Request cannot be denied because an explanation was not given
- May condition accommodation request on
- Patient providing information on how payment for services will be handled and
- Alternative address or other method of contact specified by patient
- Patient’s Right to Access
- Patient can inspect and obtain copies of their PHI in the Designated Record Set for as long as it is maintained in Tenet’s records
- Except for certain data which is not eligible for access
- Psychotherapy notes
- Information put together for legal proceedings
- Information held by certain research laboratories
- Except if a health care professional believes access may cause harm
- Individual has right to have denial reviewed for a second opinion
- Costs for copies and postage may be charged (as allowed by federal and state laws)
- Patient’s Right to Amend
- Patient may request to have their PHI in the Designated Record Set amended for as long as it is maintained in Tenet’s records
- Request must be made in writing to Tenet
- Facility must notify patient that oral requests must be made in writing
- Patient’s Right to Complain
- Privacy Complaints must be documented and sent to the Privacy Security Compliance Officer
- Patient complaints may be made in writing or in person
- Accounting of Disclosures
- All accountable disclosures are provided to a requestor following a written request
- Within 30 days from the request date
- In a form or format requested by the patient or patient’s representative
- For a period of up to 6 years prior to the request date
- Provided to patients or representatives that describes
- PHI Use and disclosure
- Patients’ rights about PHI
- Tenet’s legal duties about PHI
- NPP must be written in plain language
- NPP contains key elements outlined in HIPAA
- NPP revisions are made when legal changes occur that impact the policy
- Patient’s Right to Request Restrictions
- Situations where a patient may request that their PHI not be disclosed
- When the facility has been paid out-of-pocket in full by the individual or by another person on the individual’s behalf.
- Situation where patient might be denied restriction
- Paid out-of-pocket unbundled services
- Tenet must counsel patient first
- If unable to do so because unbundling is prohibited and offer ability to pay out of pocket for the entire bundle of services
- If the unbundling of services is more costly
- Situations where restriction may be denied
- Using or disclosing PHI to perform treatment, payment or healthcare operations
- Disclosing PHI to patient’s family, relatives, close friend, or representative
- Disclosing PHI to notify or assist in notifying patient’s family, representative or other caregiver of their location, condition or death
- Disclosing to public or private entities assisting in disaster relief efforts (for coordinating patient’s care and informing family, representatives or care giver of their condition)
- Patient’s Requests for Special Communications
- Communication by alternate means may be requested by a patient
- Request must be made in writing to Tenet
- No explanation is required from the patient
- Request cannot be denied because an explanation was not given
- May condition accommodation request on
- Patient providing information on how payment for services will be handled and
- Alternative address or other method of contact specified by patient
- Patient’s Right to Access
- Patient can inspect and obtain copies of their PHI in the Designated Record Set for as long as it is maintained in Tenet’s records
- Except for certain data which is not eligible for access
- Psychotherapy notes
- Information put together for legal proceedings
- Information held by certain research laboratories
- Except if a health care professional believes access may cause harm
- Individual has right to have denial reviewed for a second opinion
- Costs for copies and postage may be charged (as allowed by federal and state laws)
- Patient’s Right to Amend
- Patient may request to have their PHI in the Designated Record Set amended for as long as it is maintained in Tenet’s records
- Request must be made in writing to Tenet
- Facility must notify patient that oral requests must be made in writing
- Patient’s Right to Complain
- Privacy Complaints must be documented and sent to the Privacy Security Compliance Officer
- Patient complaints may be made in writing or in person
- Accounting of Disclosures
- All accountable disclosures are provided to a requestor following a written request
- Within 30 days from the request date
- In a form or format requested by the patient or patient’s representative
- For a period of up to 6 years prior to the request date
- Training
- On-Line Training
- Documented and maintained in Tenet’s online education system
- Classroom Training
- Attendance is documented and maintained by HR
- Training Materials
- Maintained per records management and record retention policy
- Training Completion
- Documentation includes time, date, place and content for training session
- Mitigation
- Violations or Allegations
- Reported to the Privacy Security Compliance Officer or Privacy Incident Response Team (PIRT)
- Investigations
- Privacy Security Compliance Officer investigates all violations and allegations
- Patient Reporting
- Patient, visitor or other individual may report to any Tenet person
- Mitigation
- Compliance Committee and PIRT mitigates harmful results that have occurred
- Sanctions
- Documentation
- HR documents imposed sanctions on the workforce member
- Documentation is maintained per records and retention schedule
Disciplinary Guidelines Standard
Information Privacy Security Administration Policy
Ethics and Compliance Training