Privacy Practices

This Notice of Privacy Practices (this “Notice”) describes how health information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

Notice of Privacy Practices

Nuvance Health participates as an Organized Health Care Arrangement (“OHCA”) with seven (7) hospital locations and numerous medical practice and associated entities throughout Western Connecticut and New York’s Hudson Valley sharing health information for treatment of our patients, billing for services, and shared healthcare operations. This Notice applies to: Nuvance Health and its affiliates, as listed, including but not limited to Western Connecticut Health Network, Inc. and its affiliates, The Danbury Hospital and its New Milford campus (“Danbury Hospital”), The Norwalk Hospital Association (“Norwalk Hospital”), Nuvance Health Medical Practice CT, Inc., Western Connecticut Home Care, Inc., and Western Connecticut Health Network Affiliates, Inc., and Health Quest Systems, Inc. and its affiliates Northern Dutchess Hospital, Putnam Hospital, Vassar Brothers Medical Center, Sharon Hospital, Nuvance Health Medical Practice, P.C., and Health Quest Home Care, Inc. (collectively, “Nuvance Health”, “our”, “us” or  “we”) Privacy Practices. 

The term "health information," as used in this Notice, refers to any individually identifiable information which is created, received, maintained, or transmitted by Nuvance Health, and which concerns your health care and treatment, and payment for such care and treatment. Special Federal and State privacy protections, not specifically outlined within this Notice, may apply to HIV-related health information, substance use disorder information, mental health information, reproductive health, and genetic or genetic testing information.    Some parts of this Notice may not apply to these types of information.  If you have questions about these special protections, please contact Nuvance Health’s HIPAA Privacy and Security Officer.

We are required by law to maintain the privacy of your health information; to provide you this detailed Notice of our legal duties and privacy practices relating to your health information; to notify affected individuals following a breach of unsecured health information; and to abide by the terms of the Notice that are currently in effect. With respect to the medical staffs of Danbury Hospital, including its New Milford Hospital campus, Northern Dutchess Hospital, Norwalk Hospital, Putnam Hospital, Sharon Hospital, and Vassar Brothers Medical Center, this Notice applies to uses and disclosures of your health information by the medical staff in relation to services you receive while an inpatient or outpatient at the applicable hospital. Your health information will be shared among the entities covered by this Notice on an ongoing basis for treatment, payment and health care operations and other purposes associated with the joint management of your medical record.
 

Your Rights Regarding Your Health Information

Listed below are your rights regarding your health information. You have the right to:
 
Right to Inspect and/or Obtain Record Copies: You have the right to inspect and obtain either electronic or paper form of any of your health information that may be used to make decisions about your care, subject to some exceptions. We will produce the records in the specific format that you request if it is feasible to do so.  Your request must be made in writing. In most cases we may charge a reasonable fee for our costs in copying and mailing your requested information. If you are denied access to health information, in some cases you have a right to request review of the denial. 

We ordinarily will respond to requests for copies within 30 days if the information is located on-site and within 60 days if it is located in off-site storage.  If we need additional time to respond to a request for copies, we will notify you in writing within the time frame above to explain the reason for the delay and when you can expect to have a final answer to your request.

Request Restrictions. You have the right to request restrictions on our use or disclosure of your health information for treatment, payment, or health care operations. We require that any requests for use or disclosure of medical information be made in writing. You request should include (1) what information you want to limit; (2) whether you want to limit how we use the information, how we share it with others, or both; and (3) to whom you want the limits to apply.  

In some cases, we are not required to agree to your requested restriction. If we do agree to accept your requested restriction, we will comply with your request unless the information is needed to provide you with emergency treatment or comply with the law. You may request a restriction of sharing health information with your health plan if payment for the services we provide is made out-of-pocket, in full, by you or anyone on your behalf. 

Request Confidential Communications: You have the right to request that we communicate with you concerning your health matters in a certain manner such as calling you at work rather than at home. We will accommodate your reasonable requests. Your request must specify how or where you wish to be contacted. 

Request Amendment: You have the right to request amendment of your health information maintained by us for as long as the information is kept by or for us. Your request must be made in writing and must state the reason for the requested amendment. We ordinarily will respond to your request within 60 days.  If we need additional time to respond, we will notify you in writing within the 60 days to explain the reason for the delay and tell you when you can expect to have a final answer to your request.

 

We may deny your request for amendment if (1) the information requested for amendment was not created by Nuvance Health and the originator of the information is available to amend the records; or (2) the information requested for amendment is not part of the “designated record set” as defined by law; or (3) the information would not be available for inspection under 45 CFR §164.526; or (4) the information requested to be amended is accurate and complete prior to amendment. If we deny your request for amendment, we will give you a written denial including the reasons for the denial and the right to submit a written statement disagreeing with the denial. 

Request an Accounting of Disclosures: You have the right to request an “accounting of disclosures”, which is a list of what information about how your health information has been disclosed outside Nuvance Health or other than through a health information exchange that you have not opted out of. An accounting will not include:

  • Disclosures we made to you or your personal representative;
  • Disclosures we made pursuant to your written authorization;
  • Disclosures we made for treatment, payment, or business operations;
  • Disclosures we made from the patient directory;
  • Disclosures made to your friends and family involved in your care or payment for your care;
  • Disclosures that were incidental to permissible uses and disclosures of your health information (for example, which information is overheard by another person passing by);
  • Disclosures for purposes of research, public health, or our business operations of limited portions of your health information that do not directly identify you;
  • Disclosures made to federal officials for national security and intelligence activities;
  • Disclosures about inmates to correctional institutions or law enforcement officers;
  • Disclosures made before September 1, 2007.

Your request must state a time period within the past 6 years for the disclosures you want us to include.  or list of certain disclosures of your health information within the last six (6) years. The first accounting provided within a 12-month period will be free; for further requests, we may charge you our costs.  We will notify you of any costs involved so that you may choose to withdraw or modify your request before any costs are incurred.

We ordinarily will respond to your request for an accounting within 60 days.  If we need additional time to prepare the accounting list you have requested, we will notify you in writing about the reason for the delay and the date when you can expect to receive the accounting list. 

Request a Paper Copy of This Notice: You have the right to obtain a paper copy of this Notice, even if you have agreed to receive this Notice electronically. You may request a copy of this Notice at any time. 

Request that Another Person May Act on Your Behalf: If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information. Nuvance Health will require validation of this authority prior to taking any action.

File a Complaint if you Feel Any of Your Rights Have Been Violated: You have the right to file a complaint if you feel Nuvance Health has violated any of your privacy rights by contacting Nuvance Health’s Corporate Compliance Department at: 
HIPAA Privacy and Security Officer 
Corporate Compliance Office
Nuvance Health, 100 Reserve Road, Danbury, CT 06810

Compliance Hotline: 1-844-395-9331 or 1-844-YES-WECOMPLY
Compliance@NuvanceHealth.org
Anonymous and confidential reports may also be made online at: www.nuvancehealth.ethicspoint.com

You also have the right to file a formal complaint with the Federal Government if you feel your rights have been violated.
To obtain further information about the federal privacy rules or to submit a complaint to the Department of Health and Human Services, you may contact the Department of Health and Human Services via electronic mail at ocrmail@hhs.gov or at the following: 
Region II: New York 
Regional Manager Office for Civil Rights 
U.S. Department of Health and Human Services
Jacob Javitz Federal Building 
26 Federal Plaza, Suite 3312 New York, NY 10278 
Phone: (800) 368-1019 | Fax: (202) 619-3818 | TDD: (800) 537-7697
 

How We May Use and Disclose Health Information About You

The following categories describe various ways that we use and disclose your health information. For each category of use or disclosure, we will explain what we mean and try to give some examples. Not every use or disclosure in a category will be listed. However, all of the ways we are permitted to use and disclose health information will fall within one of the categories. 

Treatment. We may use your health information to provide you with medical treatment or services. We may disclose medical information about you to doctors, nurses, technicians, healthcare students, or other personnel who are involved in taking care of you. A doctor at the hospital may share your health information with another doctor inside our hospital, or with a doctor at another hospital, to determine how to diagnose or treat you. Your doctor may also share your health information with another doctor to whom you have been referred for further health care. For example, a doctor treating you for a broken leg may need to know if you have diabetes because diabetes may slow the healing process. In addition, the doctor may need to tell the dietitian if you have diabetes so that we can arrange for appropriate meals. Different departments within Nuvance Health may also share your health information in order to coordinate the different services you need, such as prescriptions, lab work, x-rays, and clergy. We also may disclose medical information about you to people outside of Nuvance Health involved in your medical care upon discharge, such as family members or other healthcare professionals. 

Payment. We may use and disclose your health information so that the treatment and services you receive at Nuvance Health may be billed to and payment may be collected from you, an insurance company or a third party. For example, we may need to give your health plan information about the services you received while under our care so your health plan will pay us or reimburse you. We may also tell your health plan about a treatment you are going to receive to obtain prior approval or to determine whether your plan will cover the treatment, when necessary.  You may direct us not to share specific health information with your insurance company relating to a service you plan to pay for and do pay for personally.  It is your responsibility, however, to inform other providers who may receive copies of your Nuvance Health record that they may not share this information with your insurer.  

Health Care Operations. We may use and disclose your health information about you for Nuvance Health operations, as necessary to make sure that all of our patients receive quality care. For example, we may use medical information to review our treatments and services and to evaluate the performance of our staff in caring for you. We also might combine medical information about many of our patients to decide what additional services we should offer, what services are not needed, and whether certain new treatments are effective.  We also might disclose information to doctors, nurses, technicians, healthcare students, and other Nuvance Health personnel for review and learning purposes. Additionally, the medical information we have may be combined with medical information from other providers to compare how we are doing and see where we can make improvements in our care and service. We might remove information that identifies you from this set of medical information so others can use it to study healthcare and healthcare delivery without learning a patient's identity. 

Business Associates: We may disclose the minimum amount of your health information to a contractor, agent, or third-party business associates who need the information in order to assist us with obtaining payment or carrying out our business operations. For example, we may use another company to perform medical billing services. All of our business associates are required to maintain the privacy and confidentiality of your health information. If we do disclose your health information to a business associate, we will have a written contract with them that requires them and any of its subcontractors to protect the privacy of your health information.  They and their subcontractors are independently required by federal law to protect your information.

In addition, at the request of your other health care providers or health plan, we may disclose your medical information to their authorized business associates for purposes of performing certain business functions or health care services on their behalf. For example, we may disclose medical information to a business associate of Medicare for purposes of medical necessity review and audit. 

Individuals Involved in Your Care or Payment for Your Care. If you do not object, we may release your health information to individuals involved in your medical care or are involved in the payment for that care. In addition, we may disclose medical information about you to an entity assisting in a disaster relief effort so that your family can be notified about your condition, status and location. 

In-Patient Directory. If you do not object, we may include certain limited information about you in our directory while you are a patient here. This information may include your name, location, general condition (e.g., fair, stable, etc.) and religious affiliation. The directory information, except for your religious affiliation, may be released to people who ask for you by name. If you do not object, your religious affiliation may be given to a member of the clergy, such as a priest or rabbi, even if they do not ask for you by name. If you wish to opt out or restrict access to any of this information, please let us know when you register for inpatient services at any Nuvance Health hospital.

Health Information Exchange. We may share information that we obtain or create about you with other health care providers or other health care entities, such as your health plan or health insurer, as permitted by law, through Health Information Exchanges (HIEs) in which we participate. For example, information about your past medical care and current medical conditions and medications can be available to us or to your primary care physician or hospital outside of Nuvance Health, if they participate in the HIE as well. You may choose to opt-out of certain HIEs by following the instructions for opting-out on the consent form provided.

 

Appointment Reminders: We may use or disclose health information to remind you about appointments. 

Email Use. Email will only be used for communications in accordance with Nuvance Health policies and practices and with your permission. We will only use secured, encrypted email methods of communication. 

Treatment Alternatives and Health-Related Benefits and Services. We may use and disclose your health information to inform you about treatment alternatives and health-related benefits and services that may be of interest to you. 

Research. Under certain circumstances, we may use and disclose medical information about you for research purposes. For example, a research project could involve comparing the health and recovery of all patients who received one medication to those who received another, for the same condition. All research projects, however, are subject to a special approval process. This process evaluates a proposed research project and its use of medical information, trying to balance the research needs with patients' need for privacy of their medical information. All research projects are subject to an approval process involving an Institutional Review Board (IRB). The IRB evaluates proposed research projects and their use of health information, balancing research needs and a patients' right to privacy. We may disclose health information about you to people preparing to conduct a research project in order to help identify patients with specific medical needs. Health information disclosed during this process never leaves our control. We might ask for specific permission from you if the researcher will have access to your name, address or other information that reveals who you are, or will be involved in your care at Nuvance Health. 

Fundraising Activities. We may use your demographic information about you, including information about your age, date of birth and gender, where you live or work, the type of insurance you have, and limited clinical information including the dates that you received treatment, the department and physician that provided you with services and outcome information, in order to contact you to raise money to help us improve our facilities and programs.   You have the right to opt-out of receiving fundraising communications. Any fundraising communication sent to you will let you know how you can opt-out of receiving similar communications in the future, or you may opt-out of receiving fundraising communications by sending your name and address to the foundation, together with a statement that you do not wish to receive fundraising materials or communications from us. We will not sell your health information without your authorization.  Your treatment or payment will not be conditioned on your choice with respect to the receipt of fundraising communications. 

To Avert a Serious Threat to Health or Safety: When necessary to prevent a serious threat to your health or safety or the health or safety of the public or another person, we may use or disclose health information, limiting disclosures to someone able to help lessen or prevent the threatened harm. 

As Required By Law: We may use or disclose your health information when required by law to do so by federal, state, or local law.

 

Special Situations

Emergencies. We may use or disclose your health information as necessary in emergency treatment situations. 

 

Communication Barriers. We may use and disclose your health information if we are unable to obtain your consent because of substantial communication barriers and we believe you would want us to treat you if we could communicate with you. 

 

Coroners, Medical Examiners, Funeral Directors, Organ Procurement Organizations: We may release your health information to a coroner, medical examiner, funeral director or, if you are an organ donor, to an organization involved in the donation of organs and tissue. 

 

Military and Veterans: If you are a member of the armed forces, we may use and disclose your health information as required by military command authorities for activities they deem necessary to carry out their military mission. We may disclose health information about foreign military personnel to the appropriate foreign military authority.

Reporting Victims of Abuse, Neglect or Domestic Violence: If we believe that you have been a victim of abuse, neglect, or domestic violence, we may use and disclose your health information to notify a government authority, if required by law or if you agree to the report.

 

Inmates/Law Enforcement Custody: If you are under the custody of a law enforcement official or a correctional institution, we may disclose your health information to the institution or law enforcement official, if necessary, to provide you with healthcare, or to maintain, safety, security, and good order at the place where you are confined.  This includes sharing information that is necessary to protect the health and safety of other inmates or persons involved in supervising or transporting inmates.

 

Disaster Relief: Unless you object, we may disclose health information about you to a disaster relief organization. 

 

Public Health Activities: We may disclose your health information to public health officials so that they may carry out their public health activities. These activities generally include the following:

 

  • To prevent or control disease, injury or disability 
  • To report births and deaths 
  • To report child abuse or neglect 
  • To report reactions to medications or problems with products 
  • To notify people of recalls of products they may be using 
  • To notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition 
  • To notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect, or domestic violence. We will only make this disclosure if you agree or when required or authorized by law. 

 

Health Oversight Activities: We may disclose your health information to a health oversight agency for activities authorized by law, such as audits, investigations, inspections, and licensure actions or for activities involving government oversight of the health care system. These activities are necessary for the government to monitor the health care system, government programs and compliance with civil rights laws. 

 

Lawsuits and Disputes. We may disclose your health information about you in response to a court or administrative order. We may also disclose medical information about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested. 

 

Law Enforcement. We may release your health information for certain law enforcement purposes, if asked to do so by a law enforcement official: 

 

  • In response to a court order, subpoena, warrant, summons or similar process 
  • To identify or locate a suspect, fugitive, material witness, or missing person 
  • About the victim of a crime if, under certain limited circumstances, we are unable to obtain the person's agreement 
  • About a death we believe may be the result of criminal conduct 
  • About criminal conduct that occurred on our property
  • In emergency circumstances, to report a crime; the location of the crime or victims; or the identity, description or location of the person who committed the crime 

 

National security and intelligence activities. We may release your health information to authorized federal officials for intelligence, counterintelligence and other national security activities authorized by law. 

 

Protective services for the President and others. We may disclose your health information to authorized federal officials so they may provide protection to the President, other authorized persons or foreign heads of state or conduct special investigations. 

 

Workers’ Compensation. We may use or disclose your health information to comply with laws relating to workers’ compensation or similar programs. 

 

Uses and Disclosures That Require Your Authorization

We will not use health information about you for any purposes not specifically allowed by federal or state laws or regulations without your written authorization. Specifically, the following types of uses and disclosures of your health information require an authorization: 

 

Marketing. Your written authorization is required for us to use or disclose your health information for marketing purposes. If marketing activities are to result in payment to us from a third-party, we will state this on the authorization. 

 

Psychotherapy Notes. Most uses and disclosures of psychotherapy notes (as defined by HIPAA) require your written authorization except for use by the originator of the psychotherapy notes for treatment or health oversight activities, training, or if necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public and is made to a person or persons reasonably able to prevent or lessen the threat, including the target of the threat 

 

Sale of Health Information. We are required to obtain your written authorization before using or disclosing your health information for purposes other than those discussed in the preceding sections of this Notice or as otherwise permitted or required by law. Any authorization for the sale of health information will state that the disclosure will result in payment to us.

 

Other uses and disclosures of health information not described in this Notice will not be made unless you provide a written authorization, and that authorization may be revoked prospectively at any time by written revocation.

 

Breach Notifications

Nuvance Health makes every effort to secure your health information, including the use of encryption whenever possible. In the event that any of your health information that has not been encrypted is the subject of a breach, we will provide you with a written or electronic notification about the breach as required by federal law. 

For Further Information or to File a Privacy Complaint

To obtain a copy of the most current Notice, to exercise any of your rights described in this Notice, or to receive further information about the privacy of your medical information, you may contact Nuvance Health’s Privacy Officer at: 

HIPAA Privacy and Security Officer 

Corporate Compliance Office

Nuvance Health, 100 Reserve Road, Danbury, CT 06810

Compliance Hotline: 1-844-395-9331 or 1-844-YES-WECOMPLY

Compliance@NuvanceHealth.org

Anonymous and confidential reports may also be made online at: www.nuvancehealth.ethicspoint.com

 

To obtain further information about the federal privacy rules you may contact the Department of Health and Human Services via electronic mail at ocrmail@hhs.gov or at the following: 

Region II: New York
Regional Manager Office for Civil Rights 
U.S. Department of Health and Human Services
Jacob Javitz Federal Building 
26 Federal Plaza, Suite 3312 New York, NY 10278 
Phone: (800) 368-1019 | Fax: (202) 619-3818 | TDD: (800) 537-7697

 

Electronic Copy of This Notice. You may obtain an electronic copy of the most current version of this Notice here.

 

Changes to This Notice

We reserve the right to change this Notice and to make the revised or new Notice provisions effective for all health information already received and maintained by us as well as for all health information we receive in the future. We will provide a copy of the revised Notice upon request. 

 

Nuvance Health Affiliates 

This Notice applies to all Nuvance Health facilities, units, and affiliate entities including, without limitation, the following:

  • Nuvance Health
  • Putnam Hospital
  • Nuvance Insurance Company, Ltd.
  • Health Quest Systems, Inc.
  • Sharon Hospital
  • Alamo Ambulance Service, Inc.
  • Western Connecticut Health Network, Inc.
  • Taconic IPA, Inc. (“Taconic ACO”)
  • New Milford MRI, LLC
  • Danbury Hospital and its New Milford campus
  • Vassar Brothers Medical Center
  • Norwalk Surgery Center, LLC
  • Eastern New York Medical Services, P.C.
  • Western Connecticut Home Care Inc.
  • Physicians Network, P.C.
  • Health Quest Home Care, Inc (Licensed and Certified)
  • Western Connecticut Health Network Physician Hospital Organization ACO, Inc.
  • Hudson Valley Newborn Physician Services, PLLC
  • Nuvance Health Medical Practice, P.C.
  • SWC Corporation
  • Danbury Hospital & New Milford Hospital Foundation, Inc.
  • Hudson Valley Cardiovascular Practice, P.C.
  • Nuvance Health Medical Practice CT, Inc.
  • Norwalk Hospital Foundation, Inc.
  • Vassar Health Quest Medical Practice of Connecticut, Inc.
  • Western Connecticut Health Network Affiliates, Inc. (Danbury Diagnostic Imaging, Ridgefield Diagnostic Imaging, and Nuvance Health Ambulance)
  • Vassar Brothers Hospital Foundation
  • Northern Dutchess Hospital
  • Putnam Hospital Center Foundation, Inc.
  • NDH Foundation
  • The Norwalk Hospital Association

 
Last updated: April 15, 2024