Notice of Privacy Practices
This Notice of Privacy Practices ("Notice") describes how medical information about you may be used and disclosed, and how you can obtain access to this information.
Please review carefully.
1. Our Responsibilities
River Hospital is committed to protecting the privacy and security of your Protected Health Information (PHI). We are required by the Health Insurance Portability and Accountability Act (HIPAA) to:
- Maintain the privacy of your PHI
- Provide you with this Notice of our legal duties and privacy practices
- Notify you in the event of a breach of your unsecured PHI
- Abide by the terms of this Notice
- Make updates to this Notice available to you when changes occur
2. Your Rights
As a patient, you have the following rights under federal law:
Access Your Medical Records (45 CFR § 164.524)
- You may request to review or obtain a copy of your medical records, such as lab reports, discharge summaries, or visit notes.
Request Corrections to Your Medical Records (45 CFR § 164.526)
- If you believe information in your records is incomplete or inaccurate, for example, an incorrect allergy, you may request a correction.
Request Confidential Communications (45 CFR § 164.522(b))
- You may request that we contact you using an alternative address, telephone number, or method, for instance, only contacting you by mail at a P.O. box.
Request Restrictions on Use or Disclosure (45 CFR § 164.522(a))
- You may ask us not to use or share certain information for treatment, payment, or operations, such as asking us not to tell your health plan about a service you paid for out-of-pocket.
Receive an Accounting of Disclosures (45 CFR § 164.528)
- You may request a list of certain disclosures we have made of your PHI, such as when we are required to share data with public health agencies or oversight bodies.
Obtain a Copy of This Notice
- You may request a physical or electronic copy of this Notice at any time.
Designate a Personal Representative
- If you have a healthcare proxy or legal guardian, that person may act on your behalf regarding your PHI.
File a Complaint
- If you believe your privacy rights have been violated, you may file a complaint with the River Hospital Corporate Compliance & Privacy Officer or the U.S. Department of Health and Human Services, without fear of retaliation.
3. How We May Use and Disclose PHI
River Hospital is permitted to use and disclose your PHI without your written authorization for the following purposes, as outlined under HIPAA regulations:
Treatment
- We may use and disclose your PHI to provide and coordinate care. For example, we may share your test results with your primary care physician or refer you to a specialist.
Payment
- We may use your PHI to bill you or your insurance. For example, we may send your insurance provider a bill that includes your name, diagnosis, and procedures performed.
Healthcare Operations
- We may use your PHI to evaluate the quality of care we provide. For example, we may review your records to improve clinical practices or train staff.
Public Health
- We may report health information to public health agencies to help prevent or control disease. For example, we may report cases of measles or other contagious diseases.
Health Oversight
- We may provide PHI to oversight agencies for audits or inspections. For example, the Department of Health may request information to ensure compliance with regulations.
Law Enforcement
- We may release PHI to law enforcement if required. For example, we may respond to a court order or help locate a missing person.
Judicial Proceedings
- We may disclose PHI during legal proceedings. For example, we may provide records in response to a subpoena if proper legal safeguards are met.
Research
- We may share limited PHI with researchers if their study meets federal privacy standards. For example, research approved by an IRB may use de-identified data.
Organ and Tissue Donation
- We may release PHI to organizations that manage organ donation. For example, we may share information with a transplant registry.
Coroners and Medical Examiners
- We may disclose PHI to determine the cause of death or for identification purposes.
Correctional Institutions
- If you are in custody, we may share PHI necessary for your care or to protect others.
To Avert Serious Threats
- We may use PHI to prevent harm. For example, if you threaten to harm yourself or others, we may contact law enforcement or mental health professionals.
Victims of Abuse or Neglect
- We may report PHI if we suspect abuse, neglect, or domestic violence, as required by law.
Military and National Security
- We may share PHI with military or federal authorities if you are in the armed forces or for national security purposes.
Business Associates
- We may share PHI with contracted vendors (e.g., billing companies), but they must protect your data through agreements with us.
De-Identification
- We may use your information to create data that no longer identifies you. Once de-identified, this data is not protected by HIPAA.
Breach Notification
- We will notify you promptly if there is a breach of your unsecured PHI as required under 45 CFR § 164.404.
4. Other Uses and Disclosures Permitted Without Authorization
Appointment Reminders and Health-Related Benefits
- We may use your PHI to contact you with reminders about upcoming appointments or to provide information about treatment alternatives or health-related benefits and services that may be of interest to you.
Fundraising Activities
- We may use limited information (name, address, and treatment dates) to contact you for fundraising efforts and to support River Hospital's mission. You have the right to opt out of receiving fundraiser communications at any time. Contact River Hospital’s Marketing Director at 315.482.1270.
5. Uses and Disclosures That Require Your Authorization
We will obtain your written authorization before using or disclosing your PHI for purposes not permitted by law. This includes most marketing, the sale of your PHI, and use of psychotherapy notes. You may revoke your authorization in writing at any time.
6. Special Protections
In accordance with 45 CFR § 164.502(f), River Hospital is prohibited from disclosing PHI related to lawful reproductive healthcare for investigative or legal purposes unless required by law and under specific conditions.
7. New York State Specific Rights
In addition to federal protections, you have the following rights under New York State law:
- You have the right to access your records under NYS Public Health Law § 18.
- Consent for payment must be obtained separately from consent to treatment (effective October 20, 2024).
- Pregnant employees are entitled to 20 hours of paid leave for prenatal visits (effective January 1, 2025).
8. Changes to This Notice
River Hospital reserves the right to revise this Notice at any time, and to apply the revised Notice to all PHI that we maintain. The most current version will be made available at our facility and on our website.
9. Complaints and Contact Information
If you believe your privacy rights have been violated, you may file a complaint with the River Hospital Corporate Compliance & Privacy Officer or the U.S. Department of Health and Human Services. River Hospital will not retaliate against any individual for filing a complaint.
Corporate Compliance & Privacy Officer
- 315.482.1115
Corporate Compliance Hotline
- 24 hours a day, 7 days a week
- 315.482.1190
Anonymous Reporting
- Individuals may submit anonymous and confidential incident reports via River Hospital’s website by visiting the “About” section, selecting “Compliance,” and clicking “Anonymous/Confidential Incident Report.”
You may also file a complaint with the U.S. Department of Health and Human Services at www.hhs.gov/ocr/privacy/hipaa/complaints/.