This notice describes how medical information about you may be used and disclosed and how you get access to this information. Please review it carefully.
Federal law requires Hospital Sisters Health System (HSHS) and our health care providers to maintain the privacy of your Protected Health Information (PHI). We are required by law to give you this notice and to comply with the terms and conditions of the most current notice. We reserve the right to change the terms of this notice and to make the new notice terms apply to all of your PHI we maintain. We will make you aware of our new notice terms by updating our Notice of Privacy Practices posted on our website and at our facility.
HSHS and entities under common ownership and control align with the medical staff and allied health professionals providing treatment at our facilities work together in an Organized Health Care Arrangement (OHCA). As part of the OHCA, we share your PHI as necessary for your treatment, to get paid for services, and to carry out other health care operations such as quality assessment and improvement. This joint notice describes how the health care professionals and workforce members, including colleagues, medical staff members, students and volunteers, participating in the OHCA use and disclose your health information. A Notice of Privacy Practice provided to you by any one of the following will also satisfy the HIPAA requirement to provide you with this notice.
The entities participating in the HSHS OHCA include:
In Illinois: St. Elizabeth’s Hospital, O'Fallon; Imaging Center Belleville; Sleep Disorder Center; St. Joseph’s Hospital, Breese; St. Joseph’s Hospital Immediate Care 365; St. Joseph’s Hospital, Highland; Holy Family Hospital, Greenville; St. Mary’s Hospital, Decatur; Good Shepherd Hospital, Shelbyville; St. Anthony’s Memorial Hospital, Effingham; Home Care Southern Illinois; Hospice Southern Illinois; St. John’s Hospital, Springfield; St. John’s Hospital Home Health; St. John’s Hospice; St. John’s Hospital Home Infusion; St. John’s Surgery Center, Montvale; St. John’s Surgery Suites; Prairie Diagnostic Center at St. John’s Hospital; St. John’s Children’s Hospital; St. Francis Hospital, Litchfield; Clinton County Rural Health; Prairie Cardiovascular Consultants; HSHS Medical Group; Joslin Diabetes Center – Affiliate at HSHS Medical Group
In Wisconsin: St. Vincent Hospital, St. Vincent Home Health Care, St. Vincent Hospital Renal Dialysis Center and St. Mary’s Hospital Medical Center in Green Bay; St. Nicholas Hospital, St. Nicholas Home Health & Hospice and St. Nicholas Hospital Renal Dialysis Center in Sheboygan; St. Clare Memorial Hospital in Oconto Falls; Sacred Heart Hospital; and Sacred Heart Renal Dialysis Center in Eau Claire and Chippewa Falls; St. Joseph’s Hospital and St. Joseph’s Home Health & Hospice in Chippewa Falls; St. Joseph’s Hospital Wound Care in Chippewa Falls and Eau Claire; LE Phillips-Libertas Treatment Center in Chippewa Falls; and Libertas Treatment Center in Green Bay; St. Clare Memorial Hospital affiliated Clinics, Prevea Health; and St. Gianna Clinic.
If you are unsure if your health care provider is part of this notice or you have additional questions regarding our privacy policies you may contact our Privacy Officer.
Each time you receive care, information may be documented electronically or on paper. The information we document includes identification and financial information as well as medical information such as your symptoms, diagnoses, test results, physical examination, and information about your treatment. This information allows us to:
Plan for your care and treatment
Communicate information among your health care professionals
Legally record the care you receive
Verify that services were provided
Evaluate and improve the care we provide and the outcomes we achieve
Provide a source of information for important health related research
Educate health professionals and students
Provide information for the hospital’s planning and operations
BY LAW, WE ARE ABLE TO USE OR DISCLOSE YOUR HEALTH INFORMATION WITHOUT YOUR AUTHORIZATION FOR THE FOLLOWING PURPOSES:
Treatment. We may disclose in person, by phone, mail, fax or electronically PHI about you to physicians, nurses, technicians, or other personnel who are involved in your care or treatment. For example, a physician may use the information in your medical record to determine which treatment option, such as a drug or surgery, best addresses your health needs. This information is documented in your medical record so that other health care providers may make informed decisions about your care. As required by Illinois and Wisconsin law we will obtain your authorization before disclosing psychotherapy notes or HIV test results to other health care professionals for treatment purposes.
Payment. We may use or disclose your PHI to bill and collect payment from you, your insurance company or other parties responsible for paying for your services. For example, we may disclose your diagnosis, treatment plan, results, and/or treatment progress to your health insurer in order to receive payment, unless otherwise restricted as further described in this notice. As required by Illinois and Wisconsin law we will obtain your authorization before disclosing psychotherapy notes or HIV test results for payment purposes.
Health Care Operations. We may use your PHI to assist us in improving the quality or cost of care we provide. This may include evaluating the care provided by your physicians, nurses and other health care professionals, or comparing the effectiveness of your treatment to patients in similar situations. We may also use your health information to educate students preparing for health-related careers and to further educate our current employees. We may disclose your PHI to accreditation, certification and licensing organizations who review the quality of our services.
Facility Directory. Unless you object, when you are admitted as an inpatient or for short stay services we will include your name, location in our facility and religious affiliation in our directory. We may provide the information in our directory to anyone who asks for you by name or to your church if requested.
Notification and Communication with Family and Friends. We may disclose your PHI to a family member, your personal representative or other person responsible for your care or payment for your care, to notify them of your location, general condition, or death. We may also disclose your PHI for notification purposes to public or private entities assisting in disaster relief efforts. We will give you the opportunity to agree or object before disclosing your information in these situations. If you are unable to agree or object to a disclosure, or in cases of emergency, we will use our best judgment in communicating with your family and others.
Communications to you. We may use your information to remind you of appointments, give you test results, or recommend treatment alternatives or wellness services that may be of interest to you or provide you with surveys regarding your care.
Judicial and Administrative Proceedings. We may disclose your health information in response to a court order. Under most circumstances when the request is made through a subpoena, a discovery request or involves another type of administrative order, your authorization will be obtained before disclosure is permitted.
Required or Permitted by Law. We may disclose PHI to law enforcement officials for purposes such as identifying or locating a suspect, fugitive or missing person, victims of abuse, neglect or complying with a court order or other law enforcement purposes. In addition, as required by law we may disclose PHI to the proper authorities for patient's in the custody of law enforcement or in a correctional institute.
Public Health Activities. We may disclose your PHI for public health activities. These activities generally include but are not limited to the following: to prevent or control disease, injury, or disability; to report deaths; to report to cancer registries or other similar registries; to report reactions to medications or problems with products; to notify people of recalls of products they may be using; to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition; and to notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect, or domestic violence. We will only make this disclosure if you agree or when required or authorized by law.
Health Oversight Activities. We may disclose your PHI to health oversight agencies responsible for overseeing our operations; this may include audit, investigation, and inspection related to oversight of the health care system or government benefit programs. For example, we may disclose your PHI to regulatory agencies conducting a review of our quality of care.
Death. We may disclose PHI to funeral directors as needed and to coroners or medical examiners to identify a deceased person, determine cause of death, or perform other functions required by law. For example, we may provide HIV test results to a funeral director or other persons who prepare a body for burial.
Organ, Eye or Tissue Donation. We may disclose PHI to facilitate the donation and transplantation of organs, eyes and tissue.
Research. We may use and disclose your PHI to conduct research only under certain circumstances and after a special approval process.
Philanthropy. We may use your information, including but not limited to name, address, gender, date of birth, treating physician, department of service and outcome information, to contact you for our own fundraising purposes which support important activities of our hospital ministries through the Hospital Sisters of St. Francis Foundation. You may opt out of receiving fundraising communications from us at any time.
Serious Threat to Health or Safety. We may disclose your PHI to the necessary authorities if we believe in good faith that it will prevent or lessen a serious and imminent threat to the health and safety of you or the public. For example, we may disclose your PHI to the Department of Transportation if your medical condition affects your ability to safely drive a car.
Essential Government Functions. We may use or disclose PHI to carry out certain essential government functions. For example, we may disclose PHI to a government agency for national security or intelligence activities, correctional institution and other law enforcement as required by law.
Worker’s Compensation. We may disclose your PHI to the appropriate persons in compliance with workers’ compensation laws. For example, we may provide your employer with information about your work-related injury.
Shared Medical Record/Health Information Exchange. We may maintain your PHI in a shared electronic medical record. You may obtain a ist of participants utilizing the shared electronic medical record by contacting the Privacy Officer. Unless you object, we may also submit your PHI to an electronic health information exchange (HIE). Participation in an HIE allows us and other providers to see and use information about you for your treatment, payment and health care operations.
Marketing and Sales. We will obtain your authorization before using your PHI for marketing or sales purposes, as required by law. For example, we will obtain your authorization if we want to use your PHI in an article about the hospital. You may revoke this authorization at any time.
Other Uses of Your PHI. We will ask for your written authorization before using or disclosing your PHI for situations not described in this notice. You may revoke your authorization at any time.
YOUR HEALTH INFORMATION RIGHTS.
You have the right to:
Inspect and Obtain a Copy of Your PHI. With a few exceptions, you have the right to review and obtain a copy of your PHI. If we deny your request for review or copy you have the right to have our denial reviewed. We may charge a reasonable cost-based fee for copying and mailing your PHI. Please contact our Health Information Management department to review or request a copy of your PHI.
Request an Amendment of Your PHI. If you believe your PHI is incorrect you have the right to request we amend it. We will review your request and notify you in writing of our final decision. If we deny your request you may appeal our decision. Please send your written amendment request to our Privacy Officer.
Request Restrictions on Certain Uses and Disclosures. You have the right to request restrictions on how we use or disclose your PHI for treatment, payment, health care operations, communications to family or friends or disclosure to disaster relief agencies. We are not required to agree to or grant restriction requests. We will honor your request to restrict disclosure of your PHI to your health plan for payment and healthcare operations purposes and if not otherwise required by law when you or someone on your behalf pays for your services in full. Please forward your written restriction request to our Privacy Officer.
Medical Device Tracking. If you receive certain medical devices, you may restrict release of your name, address, telephone number, social security number or other identifying information used for tracking the medical device.
Request to Receive Confidential Communications of Health Information. You have the right to receive your PHI through a certain method or at a certain location. Please make your request at the time of registration or send a written request to our Privacy Officer.
Receive an Accounting of Disclosures of Your PHI. You have the right to request an accounting of certain types of disclosures of your PHI. We will provide you with the first accounting in a 12-month period for free; we will charge the cost of producing the information for all other requests. Please contact our Privacy Officer to request an accounting.
Receive a Copy of This Notice. You have the right to receive a copy of our Notice of Privacy Practice. We may change our privacy practices described in this notice at any time. Changes to our privacy practices apply to all PHI we maintain. You may choose to review our current notice on our websites, at the registration/admitting desk of any of our facilities, or by contacting the Privacy Officer.
Receive Notice of a Breach of Your PHI. As required by law, you have the right to receive notification if your health information is acquired, accessed, used or disclosed in an unauthorized manner.
File a Complaint. You have the right to file a complaint. If you are concerned that your privacy rights have been violated, you may file a complaint with us or with the Secretary of the Department of Health and Human Services Office of Civil Rights. Your complaint will not affect the care and services we provide you in the present or in the future. To file a complaint with us please contact the Privacy Officer at:
Hospital Sisters Health System
Attn: Privacy Officer
4936 Laverna Road
Springfield, Illinois 62794-9456
This Notice of Privacy Practices is effective March 11, 2020 and will remain in effect until we revise it.
HSHS does not discriminate on the basis of race, color, national origin, sex, age or disability in its health programs and activities.
ATENCIÓN: si habla español, tiene a su disposición servicios gratuitos de asistencia lingüística. Llame al:
UWAGA: Jeżeli mówisz po polsku, możesz skorzystać z bezpłatnej pomocy językowej. Zadzwoń pod numer:
Note: This policy relates specifically to our website. For HIPAA Notice of Privacy Practices, please see above.
The websites and services provided through the website (this “Site”) are provided by Hospital Sisters Health System and its affiliates (“We,” “Us” or “Our”). You (“You” or “Your”) have a limited right to access and use the Site for Your noncommercial, personal use and information only.
What Information Do We Collect?
Information that You provide to Us. For example, You provide information when you:
- Fill out forms on the Site
- Provide information to open an account
- Communicate with us by phone, email or chat
- Respond to surveys.
Some areas of the Site are available without opening an account. Other areas of the Site cannot be accessed without registering, which requires you to provide personal information to us. This personal information may include your:
- Phone number
- e-mail address
- Information pertaining to Your health
- Information related to Your employment or affiliation with Us
- Other demographic information, such as
- Your ZIP code
- Preferences, interests and favorites.
- Information about Your visit to the Site.
For example, we may collect:
- Information about the network You use to access the Internet, such as the domain and the host information.
- Information about computer or mobile device that you are using, including the IP address, location data, browser, and operating system.
- Information about which pages on our Site you visit.
How We Use Information
We do not sell or license your information. We use the information You provide and We collect to:
- Operate the Site
- Provide the services You request.
- Administer the Site and diagnose problems with Our server and networks;
- Verify Your identity;
- Provide You with information about the Site;
- Measure the number of visitors to the Site and how the Site is used in order to make the Site as useful as possible to Our visitors;
- Deliver customized content and advertising to You;
- Provide authorities or relevant individuals with information related to the Site as required by law; and
- Fulfill any other purpose for which You provide information.
These are the limited ways we interact with your information in connection with our mobile applications:
- When you choose to add a profile photo to our mobile applications, you may select an existing photo on your device or take a new photo using the camera app on your device. If you select an existing photo on your device, we store a copy of your chosen photo in app-private storage on your device. If you use the camera app on your device to take a new photo, the photo you take is first saved to your camera app and then also saved to app-private storage on your device. If you remove the photo from your profile or delete our mobile apps, the copy of the photo is deleted from the app-private storage, but the photo saved to your camera app remains available in your camera app until you choose to delete it. If you already have a photo stored in your profile through your healthcare organization – we do not interact with that photo in any way.
- When you choose to use Apple’s HealthKit or Google Fit, we create encrypted identifiers to identify recipients of your Apple’s HealthKit or Google Fit data and store them on your device in app-private storage. If you choose to stop using Apple HealthKit or Google Fit or delete our mobile apps, the identifiers are deleted.
- When you choose to view documents from your healthcare organization (such as letters or images) using our mobile apps, to make the files viewable for you we temporarily store copies on your device in app-private storage. The temporary copies are deleted when you close your session on our mobile apps.
- If your healthcare organization offers automatic appointment arrival and you choose to enable it, we temporarily store identifiers and times for your upcoming appointments in app-private storage to detect when you arrive for an upcoming appointment. If you choose to stop using our mobile apps or you disable automatic appointment arrival, the identifiers are deleted.
- If your healthcare organization offers location-based check in for in-person appointments, or allows you to find healthcare providers near you, you may choose to allow our mobile apps to interact with your location data for those purposes. We do not store your location data.
- If your healthcare organization allows you to notify front desk staff electronically when you arrive for an appointment, you may choose to allow our mobile apps to interact with your Bluetooth data for this purpose. We do not store your Bluetooth data.
- While you use our apps, we collect non-identifying information so we can provide customer service to you or your healthcare organization and understand how people use our mobile apps so we can improve our products. This information includes the time you began using the app, the healthcare organization you interacted with, any error messages or codes, the model of device used and its operating system, and the version of our mobile app used. If you use Android devices, we also collect your connection type (cellular or WiFi) during an error.
- You may contact us through the methods listed on Our Website. If you contact us, we may keep a record of the communication. You can decide how much information you want to share with us in those cases.
Your Healthcare Organizations
How Can We Share Information?
We do not use or disclose sensitive personal information, such as race, religion, or political affiliations, without Your express consent.
We expect that all collection, use and disclosure of Your information will occur in the United States and will be governed by United States law; however, some information may travel over the Internet outside of the United States. Even if some information does travel outside the United States, You agree that the laws of the United States will apply.
Any Other Sharing of Information?
We will not sell or rent Your information to anyone, but We may share Your basic demographic information (such as your name, IP address, and physical or email address) with others, such as Our subsidiaries, contractors, trusted partners and affiliates as necessary to operate Our business, and as permitted by law.
If We share data with trusted partners to help Us perform statistical analysis, send You email or postal mail, provide customer support, or arrange for deliveries, such third parties are prohibited from using Your personal information except to provide these services to Us, and they are required to maintain the confidentiality of Your information.
We do not share Your personal information with third parties for their direct marketing purposes.
What About Aggregated Data?
We may aggregate (combine) data about visitors to Our Site in a non-identifiable manner and use it for Our business purposes unrelated to Your use of the Site.
- For example, We may aggregate data for product development and improvement activities and disclose such aggregated data to third parties.
- No personally identifiable information is available or used in this process.
- We may use information You provide to promote the products or services of strategic partners, but will not directly provide Your personally identifiable information to these strategic partners for promotional purposes.
What About Governmental and Legal Disclosures?
Except as described above, We do not disclose the identities of visitors or users of the Site unless legally required to do so, or unless We believe, in good faith, that sharing is necessary:
- to protect Your safety or the safety of others,
- to protect Our rights,
- to investigate fraud, or
- to respond to a government request.
We will respond to any subpoena received from a government agency (i.e., the Securities and Exchange Commission or law enforcement agencies) without prior notice to You. Unless prohibited by law or by a valid court order, We will attempt to notify You of any subpoena received from any other party (i.e., for civil litigation) which requires Us to disclose Your identity, and will wait ten (10) days, or a lesser amount of time as required by the deadline in the subpoena, before providing the information requested by the subpoena.
What About Other Information and Websites?
We do not control these third parties' tracking technologies or how they may be used. You should review the privacy policies posted on these websites carefully before providing any information. We are not responsible for the privacy policies or the content of any other websites. If You have any questions about an advertisement or other targeted content, You should contact the responsible provider directly.
What About Do Not Track?
What About Compliance with COPPA?
The Site is not directed at children under the age of 13. We comply with the Children's Online Privacy Protection Act ("COPPA") and do not knowingly permit registration or submission of personally identifiable information by anyone under 13 years of age. This age requirement is posted each time We request personally identifiable information. If You believe information of a child under 13 has been submitted, please advise Us in writing and We will delete it.
What About International Privacy Laws?
If you are visiting our websites from outside the United States, please be aware that you are sending information (including personal data) to the United States, where our servers are located. That information may then be transferred within the United States or back out of the United States to other countries.
All data collected by through the Site will be stored exclusively in secure hosting facilities provided by Us or Our service providers. We have data processing agreements in place with Our service providers consistent with applicable privacy and data security laws.
Hospital Sisters Health System and its affiliates are located in, and provide services in, the United States, and are governed by United States law. For visitors from the European Union, countries outside of the EU (such as the United States) may not necessarily have data protection laws as comprehensive or protective as those in your country of residence. The United States has not been issued an adequacy decision finding the data privacy laws to provide an adequate level of protection, and no other basis for transfer exists. Therefore, the collection and transfer of data will occur on one of the following bases, depending on the type of transfer and the surrounding factual situation:
The transfer is necessary for performance of a contract between you and an Hospital Sisters Health System entity. This will apply when, for example, you are buying a product or signing up for information.
The transfer is necessary for the conclusion or performance of a contract between Hospital Sisters Health System and another person or entity, that is in your interest. This will apply when, for example, you request a product or further information from a third party through our Site.
The transfer is necessary for the establishment, exercise, or defense of legal claims. This would apply if there developed a dispute between you and an Hospital Sisters Health System entity.
What About Marketing Use?
You agree that We can store information that You provide to us on a form and use it to assist You in making an appointment, providing other services, or for future marketing purposes.
How Secure is the Site?
The Site has security measures in place to protect against the loss, misuse or alteration of information under Our control. However, no security is perfect, and no security system can prevent all security breaches. You transmit information to Us at Your own risk. You acknowledge that the Site is not HIPAA compliant. You should not store or transmit Protected Health Information on this Site. You acknowledge and agree that the Site is not intended to provide any medical advice. We are not Your business associate under HIPAA as a result of Your use of the Site.
Can You Change this Policy?
How Can You Contact Us?
Hospital Sisters Health System
Attn: Privacy Officer
4936 Laverna Road
Springfield, Illinois 62794-9456
We will use commercially reasonable efforts to promptly respond to Your inquiry, and if necessary determine and remedy any problem.
What If My Information is Wrong?
You may write to us at the contact address above if you believe information you have submitted to us through the Site is incorrect. We may not be able to correct that information, because, for example, we did not save the information in question, or because we do not yet have a process to update the information.
Can I Get a Copy of My Information?
You may write to use at the contact address above to request a copy of the information you have submitted or We have collected about you through the Site. If we are able to collect and provide the information, we will do so. In some cases, we may not be able to collect and provide the information, because of the way the data is used and stored.