This Notice applies to: Nuvance Health and its affiliates as set forth in Attachment “1”, including Western Connecticut Health Network, Inc. and its affiliates The Danbury Hospital, The Norwalk Hospital Association (“Norwalk Hospital”), Nuvance Health Medical Practice CT, Inc., and Western Connecticut Home Care, Inc., and Health Quest Systems, Inc. and its affiliates Northern Dutchess Hospital, Putnam Hospital, Vassar Brothers Medical Center, Sharon Hospital, Nuvance Health Medical Practice, P.C., and Health Quest Home Care, Inc. (collectively, “Nuvance Health”, “our”, “us” or  “we”) Privacy Practices.

The term "health information," as used in this Notice, refers to any individually identifiable information which is created, received, maintained or transmitted by Nuvance Health, and which concerns your health care and treatment, and payment for such care and treatment. Special privacy protections, not outlined within this Notice, may apply to HIV-related health information, substance use disorder information, mental health information, and genetic or genetic testing information.

We are required by law to maintain the privacy of your health information; to provide you this detailed Notice of our legal duties and privacy practices relating to your health information; to notify affected individuals following a breach of unsecured health information and to abide by the terms of the Notice that are currently in effect. With respect to the medical staffs of Danbury Hospital, New Milford Hospital, Northern Dutchess Hospital, Norwalk Hospital, Putnam Hospital, Sharon Hospital, Vassar Brothers Medical Center, this Notice applies to uses and disclosures of your health information by the medical staff in relation to services you receive while a Hospital inpatient or outpatient. Your health information will be shared among the entities covered by this Notice on an ongoing basis for treatment, payment and health care operations and other purposes associated with the joint management of the medical record.

How We May Use and Disclose Health Information About You

The following categories describe various ways that we use and disclose your health information. For each category of use or disclosure, we will explain what we mean and try to give some examples. Not every use or disclosure in a category will be listed. However, all of the ways we are permitted to use and disclose information will fall within one of the categories.

Treatment. We may use your health information to provide you with medical treatment or services. We may disclose medical information about you to doctors, nurses, technicians, healthcare students, or other personnel who are involved in taking care of you. A doctor at the hospital may share your health information with another doctor inside our hospital, or with a doctor at another hospital, to determine how to diagnose or treat you. Your doctor may also share your health information with another doctor to whom you have been referred for further health care. For example, a doctor treating you for a broken leg may need to know if you have diabetes because diabetes may slow the healing process. In addition, the doctor may need to tell the dietitian if you have diabetes so that we can arrange for appropriate meals. Different departments within Nuvance Health may also share your health information in order to coordinate the different services you need, such as prescriptions, lab work, x-rays and clergy. We also may disclose medical information about you to people outside of Nuvance Health involved in your medical care upon discharge, such as family members or other healthcare professionals.

Payment. We may use and disclose your health information so that the treatment and services you receive at Nuvance Health may be billed to and payment may be collected from you, an insurance company or a third party. For example, we may need to give your health plan information about the services you received while under our care so your health plan will pay us or reimburse you. We may also tell your health plan about a treatment you are going to receive to obtain prior approval or to determine whether your plan will cover the treatment.

Health Care Operations. We may use and disclose your health information about you for Nuvance Health operations, as necessary to make sure that all of our patients receive quality care. For example, we may use medical information to review our treatments and services and to evaluate the performance of our staff in caring for you. We also might combine medical information about many of our patients to decide what additional services we should offer, what services are not needed, and whether certain new treatments are effective.  We also might disclose information to doctors, nurses, technicians, healthcare students, and other Nuvance Health personnel for review and learning purposes. Additionally, the medical information we have may be combined with medical information from other providers to compare how we are doing and see where we can make improvements in our care and service. We might remove information that identifies you from this set of medical information so others can use it to study healthcare and healthcare delivery without learning a patient's identity.

Business Associates: We may disclose your protected health information to a contractor or third-party business associate that we contract with to perform certain business functions or provide certain business services on our behalf, such as auditing, billing, legal services, etc. For example, we may use another company to perform medical billing services. All of our business associates are required to maintain the privacy and confidentiality of your health information. In addition, at the request of your other health care providers or health plan, we may disclose your medical information to their authorized business associates for purposes of performing certain business functions or health care services on their behalf. For example, we may disclose medical information to a business associate of Medicare for purposes of medical necessity review and audit.

Individuals Involved in Your Care or Payment for Your Care. We may release your health information to individuals involved in your medical care and we also may give information to someone who helps pay for your care, unless you object and ask us not to provide this information to specific individuals, in writing. In addition, we may disclose medical information about you to an entity assisting in a disaster relief effort so that your family can be notified about your condition, status and location.

Patient Directory. We may include certain limited information about you in our directory while you are a patient here. This information may include your name, location, general condition (e.g., fair, stable, etc.) and religious affiliation. The directory information, except for your religious affiliation, also may be released to people who ask for you by name. Your religious affiliation may be given to a member of the clergy, such as a priest or rabbi, even if they do not ask for you by name. This is so your family, friends and clergy can visit and generally know how you are doing.

Health Information Exchange. We may share information that we obtain or create about you with other health care providers or other health care entities, such as your health plan or health insurer, as permitted by law, through Health Information Exchanges (HIEs) in which we participate. For example, information about your past medical care and current medical conditions and medications can be available to us or to your primary care physician or hospital outside of Nuvance Health, if they participate in the HIE as well. You may choose to opt-out of certain HIEs by following the instructions for opting-out on the consent form provided.

Appointment Reminders: We may use or disclose health information to remind you about appointments.

Email Use.  Email will only be used for communications in accordance with Nuvance Health policies and practices and with your permission. We will only use secured, encrypted email methods of communication.

Treatment Alternatives and Health-Related Benefits and Services. We may use and disclose your health information to inform you about treatment alternatives and health-related benefits and services that may be of interest to you.

Research. Under certain circumstances, we may use and disclose medical information about you for research purposes. For example, a research project could involve comparing the health and recovery of all patients who received one medication to those who received another, for the same condition. All research projects, however, are subject to a special approval process. This process evaluates a proposed research project and its use of medical information, trying to balance the research needs with patients' need for privacy of their medical information. All research projects are subject to an approval process involving an Institutional Review Board (IRB). The IRB evaluates proposed research projects and their use of PHI, balancing research needs and a patients' right to privacy. We may disclose PHI about you to people preparing to conduct a research project in order to help identify patients with specific medical needs. PHI disclosed during this process never leaves our control. We might ask for specific permission from you if the researcher will have access to your name, address or other information that reveals who you are, or will be involved in your care at Nuvance Health.

Fundraising Activities. We may use your health information to contact you in an effort to raise money for the Entity and its operations. We may disclose patient contact information to a foundation related to the Entity so that the foundation may contact you in raising money. We only would release contact information, such as your name, address and phone number, the dates you received treatment or services, the department which treated you, your treating physician, and your medical outcomes. You have the right to opt-out of receiving fundraising communications. Any fundraising communication sent to you will let you know how you can opt-out of receiving similar communications in the future, or you may opt-out of receiving fundraising communications by sending your name and address to the foundation related to the Entity, together with a statement that you do not wish to receive fundraising materials or communications from us. Your treatment or payment will not be conditioned on your choice with respect to the receipt of fundraising communications.

To Avert a Serious Threat to Health or Safety: When necessary to prevent a serious threat to your health or safety or the health or safety of the public or another person, we may use or disclose health information, limiting disclosures to someone able to help lessen or prevent the threatened harm.

As Required By Law: We may use or disclose your health information when required by law to do so by federal, state or local law.

Special Situations

Emergencies. We may use or disclose your health information as necessary in emergency treatment situations.

Communication Barriers. We may use and disclose your health information if we are unable to obtain your consent because of substantial communication barriers and we believe you would want us to treat you if we could communicate with you.

Coroners, Medical Examiners, Funeral Directors, Organ Procurement Organizations: We may release your health information to a coroner, medical examiner, funeral director or, if you are an organ donor, to an organization involved in the donation of organs and tissue.

Military, Veterans and Other Specific Government Functions: If you are a member of the armed forces, we may use and disclose your health information as required by military command authorities. We may disclose health information for national security purposes or as needed to protect the President of the United States or certain other officials or to conduct certain special investigations.

Reporting Victims of Abuse, Neglect or Domestic Violence: If we believe that you have been a victim of abuse, neglect or domestic violence, we may use and disclose your health information to notify a government authority, if authorized by law or if you agree to the report.

Inmates/Law Enforcement Custody: If you are under the custody of a law enforcement official or a correctional institution, we may disclose your health information to the institution or law enforcement official. This release would be necessary for the correctional institution to provide you with healthcare, to protect your health and safety or the health and safety of others, as well as for the safety of the institution itself.

Disaster Relief: Unless you object, we may disclose health information about you to a disaster relief organization.

Public Health Activities: We may disclose your health information for public health activities. These activities generally include the following:

• To prevent or control disease, injury or disability
• To report births and deaths
• To report child abuse or neglect
• To report reactions to medications or problems with products
• To notify people of recalls of products they may be using
• To notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition
• To notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect, or domestic violence. We will only make this disclosure if you agree or when required or authorized by law.

Health Oversight Activities: We may disclose your health information to a health oversight agency for activities authorized by law, such as audits, investigations, inspections and licensure actions or for activities involving government oversight of the health care system. These activities are necessary for the government to monitor the health care system, government programs and compliance with civil rights laws.

Lawsuits and Disputes. We may disclose your health information about you in response to a court or administrative order. We may also disclose medical information about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.

Law Enforcement. We may release your health information for certain law enforcement purposes, if asked to do so by a law enforcement official:

• In response to a court order, subpoena, warrant, summons or similar process
• To identify or locate a suspect, fugitive, material witness, or missing person
• About the victim of a crime if, under certain limited circumstances, we are unable to obtain the person's agreement
• About a death we believe may be the result of criminal conduct
• About criminal conduct at Provider
• In emergency circumstances, to report a crime; the location of the crime or victims; or the identity, description or location of the person who committed the crime

National security and intelligence activities. We may release your health information to authorized federal officials for intelligence, counterintelligence and other national security activities authorized by law.

Protective services for the President and others. We may disclose your health information to authorized federal officials so they may provide protection to the President, other authorized persons or foreign heads of state or conduct special investigations.

Workers’ Compensation. We may use or disclose your health information to comply with laws relating to workers’ compensation or similar programs.

Uses and Disclosures That Require Your Authorization

We will not use your PHI for any purposes not specifically allowed by federal or state laws or regulations without your written authorization. Specifically, the following types of uses and disclosures of your medical information require an authorization:

Marketing. Your written authorization is required for us to use or disclose your medical information for marketing purposes. If marketing activities are to result in payment to us from a third-party we will state this on the authorization.

Psychotherapy Notes. Most uses and disclosures of psychotherapy notes (as defined by HIPAA) require your written authorization except for use by the originator of the psychotherapy notes for treatment or health oversight activities, training or if necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public and is made to a person or persons reasonably able to prevent or lessen the threat, including the target of the threat

Sale of PHI. We are required to obtain your written authorization before using or disclosing your health information for purposes other than those discussed in the preceding sections of this Notice or as otherwise permitted or required by law. Any authorization for the sale of medical information will state that the disclosure will result in payment to us.

Other uses and disclosures not described in this Notice will not be made unless an individual provides an authorization and that authorization may be revoked prospectively at any time by written revocation.

Your Rights Regarding Your Health Information

Listed below are your rights regarding your health information. You have the right to:

Request Restrictions. You have the right to request restrictions on our use or disclosure of your health information for treatment, payment, or health care operations. We require that any requests for use or disclosure of medical information be made in writing. In some cases, we are not required to agree to your requested restriction. If we do agree to accept your requested restriction, we will comply with your request. You may request a restriction of sharing PHI with your health plan if payment is made out-of-pocket, in full, by anyone on the patient’s behalf. This does not apply when disclosure is required by law.

To request restrictions, you must make your request in writing. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure or both; and (3) to whom you want the limits to apply, for example, disclosures to your spouse.

Request Confidential Communications: You have the right to request that we communicate with you concerning your health matters in a certain manner such as calling you at work rather than at home. We will accommodate your reasonable requests. Your request must specify how or where you wish to be contacted. Access to Personal Health Information: You have the right to inspect and obtain a copy of your clinical or billing records or other written information that may be used to make decisions about your care, subject to some exceptions. Your request must be made in writing. In most cases we may charge a reasonable fee for our costs in copying and mailing your requested information. If you are denied access to health information, in some cases you have a right to request review of the denial.

Request Amendment: You have the right to request amendment of your health information maintained by us for as long as the information is kept by or for us. Your request must be made in writing and must state the reason for the requested amendment. We may deny your request for amendment if the information. If we deny your request for amendment, we will give you a written denial including the reasons for the denial and the right to submit a written statement disagreeing with the denial.

Request an Accounting of Disclosures: You have the right to request an “accounting”, or list of certain disclosures of your health information within the last six (6) years. o your Authorization, and certain other exceptions. To request this list or an accounting of disclosures, you must submit a request in writing, for dates after April 13, 2003. The first accounting provided within a 12-month period will be free; for further requests, we may charge you our costs.

Request a Paper Copy of This Notice: You have the right to obtain a paper copy of this Notice, even if you have agreed to receive this Notice electronically. You may request a copy of this Notice at any time.

Breach Notifications

Nuvance Health makes every effort to secure your health information, including the use of encryption whenever possible. In the event that any of your health information that has not been encrypted is the subject of a breach, we will provide you with a written or electronic notification about the breach as required by federal law.

For Further Information or to File a Privacy Complaint

To obtain a copy of the most current Notice, to exercise any of your rights described in this Notice, or to receive further information about the privacy of your medical information, you may contact Nuvance Health’s Privacy Officer at:

HIPAA Privacy and Security Officer

Corporate Compliance Office

Nuvance Health

100 Reserve Road

Danbury, CT 06810

Compliance Hotline: (844) 650-1212

To obtain further information about the federal privacy rules or to submit a complaint to the Department of Health and Human Services, you may contact the Department of Health and Human Services  electronic mail at (ocrmail@hhs.gov), or at the following:

Region II: New York

Regional Manager Office for Civil Rights

U.S. Department of Health and Human Services

Jacob Javitz Federal Building

26 Federal Plaza, Suite 3312 New York, NY 10278

Phone: (800) 368-1019 | Fax: (202) 619-3818 | TDD: (800) 537-7697

Electronic Copy of This Notice. You may obtain an electronic copy of the most current version of this Notice here.

Changes to This Notice

We reserve the right to change this Notice and to make the revised or new Notice provisions effective for all health information already received and maintained by us as well as for all health information we receive in the future. We will provide a copy of the revised Notice upon request.

Effective March 4, 2021