Notice of Privacy Practices

Notice of Privacy Practices

Our Pledge Regarding Health Information

We understand that information about you and your health is personal. We are committed to protecting your health information. We create a record of the care and services you receive throughout Tower Health. We need this record to provide you with quality care and to comply with legal requirements.



This notice applies to all of the records of your care generated by Tower Health entities. This notice will tell you about the ways in which we may use and disclose health information about you. It also describes your rights and certain obligations we have regarding the use and disclosure of health information.

Who Will Follow This Notice

The terms of this Notice of Privacy Practices apply to the following entities owned and operated by and/or affiliated with Tower Health, participating in an organized healthcare arrangement: Phoenixville Hospital, Pottstown Hospital, Reading Hospital (including Reading Hospital Rehabilitation at Wyomissing), Tower Health at Home, Tower Health Urgent Care, TowerDirect, St. Christopher’s Hospital for Children, and related covered entities; Tower Health Medical Group and their respective outpatient departments and facilities; and the physicians, licensed professionals, employees, contractors, volunteers, and trainees seeing and treating patients at each of these care settings. These entities may share protected health information (PHI) with each other as necessary to carry out treatment, payment or healthcare operations relating to the organized healthcare arrangement unless otherwise limited by law, rule, or regulation. This Notice of Privacy Practice does not apply when visiting a non-affiliated office practice.

We Are Required by Law to:

  • Make sure that health information that identifies you is kept private
  • Give you this notice of our legal duties and privacy practices with respect to health information about you
  • Follow the terms of the notice that is currently in effect


The following categories describe different ways that we use and disclose health information. For each category of uses or disclosures, we will explain what we mean and may give examples. Not every use or disclosure in a category will be listed. However, all of the ways we are permitted to use and disclose information will fall within one of the categories.


For Treatment

We may use health information about you to provide you with medical treatment or services. We may disclose health information about you to doctors, nurses, technologists, therapists, medical students, or other Tower Health-affiliated personnel who are involved in taking care of you.


For example, a doctor treating you for a broken leg may need to know if you have diabetes because diabetes may slow the healing process. In addition, the doctor may need to tell the dietitian so we can arrange appropriate meals.


Different departments of Tower Health may share health information about you in order to coordinate the different things you need, such as prescriptions, lab tests, and X-rays. We may also disclose health information about you to people outside Tower Health who may be involved in your medical care after you leave a Tower Health-affiliated hospital, such as family members, clergy, or others we use to provide services that are part of your care.


For Payment

We may use and disclose health information about you so the treatment and services you receive may be billed to you and payment may be collected from you, an insurance company or another party.


For example, we may need to give your health plan information about surgery you received at a Tower Health-affiliated hospital so your health plan will pay us or reimburse you for the surgery.


We may also tell your health plan about the treatment you are going to receive to obtain prior approval or to determine whether your plan will cover the treatment.


For Healthcare Operations

We may use and disclose health information about you for healthcare operations. These uses and disclosures are necessary to run the Tower Health entities and make sure that all our patients receive quality care. For example:


  • We may use health information to review our treatment and services and to evaluate the performance of our staff in caring for you.
  • We may also combine health information about many patients to decide what additional services should be offered, what services are not needed and whether certain new treatments are effective.
  • We may also disclose information to doctors, nurses, technologists, therapists, medical students and other hospital personnel for review and learning purposes.
  • We may also combine the health information we have with health information from other hospitals to compare how we are doing and see where we can make improvements in the care and services we offer. We may remove information that identifies you from this set of health information so others may use it to study healthcare and healthcare delivery without learning who the specific patients are.


For Health Information Exchanges

Tower Health entities participate with health information exchanges (HIEs), which makes it possible to share your health information electronically through a secure connected network.


We may share or disclose your health information to secure HIEs, including HIEs contracted with the Commonwealth of Pennsylvania, and even HIEs in other states.


Other healthcare providers, including physicians, hospitals, and other healthcare facilities that are also connected to the same HIE network as Tower Health entities, can access your health information for treatment, payment, and other authorized purposes, to the extent permitted by law.


You have the right to “opt out” or decline to participate in having us share your health information through networked HIEs. At the time of registration, you will be given the option to opt out by signing a form.


Appointment Reminders

We may use and disclose health information to contact you as a reminder that you have an appointment for treatment or medical care at a Tower Health-affiliated hospital or practice.


Treatment Alternatives

We may use and disclose health information to tell you about or recommend possible treatment options or alternatives that may be of interest to you.


Health-Related Benefits and Services

We may use and disclose health information to tell you about health-related benefits or services that may be of interest to you.


Fundraising Activities

We may contact you about fundraising activities for Tower Health and affiliated entities. You have the right to opt out of receiving fundraising communications. If you do not want to be contacted for fundraising efforts, you must notify the Privacy Officer in writing or via email at optout@towerhealth.org.


Marketing Activities

Written authorization is required prior to using or disclosing your PHI for marketing activities that are supported by payments from third parties. Your written authorization is not required in the following circumstances:


  • The communication is face-to-face or consists of a promotional gift of nominal value provided by a Tower Health entity
  • Communications about a drug or biological or refill reminders for medication that the patient is currently taking/being prescribed
  • Communications that involve general health promotion, such as community events and health screenings
  • Communications about case management and helping you find a physician, rather than the promotion of a specific product or service
  • Communications about government and government-sponsored programs.


Hospital Directory

Unless you tell us that you object, we may include certain limited information about you in the hospital directory while you are a patient at Phoenixville Hospital, Pottstown Hospital, Reading Hospital or Reading Hospital Rehabilitation at Wyomissing, or St. Christopher’s Hospital for Children. This information may include your name, location in the hospital, your general condition (good, fair, poor, critical), and your religious affiliation. It may be released to the clergy or other people who ask for you by name. This directory information is so that family, friends, and clergy can visit you in the hospital and generally know how you are doing.


Individuals Involved in Your Care or Payment for Your Care

We may release health information about you to a friend or family member who is involved in your care. We may also tell your family or friends your condition and that you are in the hospital.


In addition, we may disclose health information about you to an entity assisting in a disaster relief effort so that your family can be notified about your condition, status and location.


Research

Under certain circumstances, we may use and disclose health information about you for research purposes.


For example, a research project may involve comparing the health and recovery of all patients who received one medication to those who received another for the same condition. All research projects, however, are subject to a special approval process. This process evaluates a proposed research project and its use of health information, trying to balance the research needs with patients’ needs for the privacy of their health information. Before we use or disclose health information for research, the project will have been approved through this research approval process.


We may, however, disclose health information about you to people preparing to conduct a research project to help them look for patients with specific medical needs, so long as the health information they review does not leave Tower Health.


We will almost always ask for your specific permission if the researcher will have access to your name, address or other information that reveals who you are or who will be involved in your care at Tower Health.


As Required by Law

We will disclose health information about you when required to do so by federal, state, or local law.


To Avert a Serious Threat to Health or Safety

We may use and disclose health information about you when necessary to prevent serious threat to your health and safety, or to the health and safety of the public or another person. Any disclosure, however, would only be to someone who is able to help prevent the threat.

Special Situations

Business Associates

We contract with certain outside persons or organizations to perform certain services on our behalf, such as auditing, accreditation, legal services, etc. At times it may be necessary for us to provide your PHI to one or more of these outside persons or organizations. In such cases, we require these business associates and any of their subcontractors to enter into written agreements to require the business associate to appropriately safeguard the privacy of your information.


Organ and Tissue Donation

If you are an organ donor, we may release health information to organizations that handle organ procurement or organ, eye or tissue transplantation, or to an organ donation bank in order to facilitate organ or tissue donation and transplantation.


Military and Veterans

If you are a member of the armed forces, we may release health information about you as required by military command authorities.


We may also release health information about foreign military personnel to the appropriate foreign military authority.


Workers’ Compensation

We may release health information about you for workers’ compensation or similar programs. These programs provide benefits for work-related injuries or illness.


Public Health Risks

We may disclose health information about you for public health activities. These activities generally include the following:


  • To prevent or control disease, injury, or disability
  • To report births and deaths
  • To report child abuse or neglect
  • To report reactions to medications or problems with products
  • To notify people of recalls of products they may be using
  • To notify a person who may have been exposed to a disease, or may be at risk for contracting or spreading a disease or condition
  • To notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect, or domestic violence. 


We will make this disclosure only if you agree, or when required or authorized by law.


Health Oversight Activities

We may disclose health information to a health oversight agency for activities authorized by law. These oversight activities include audits, investigations, inspections, and licensure. These activities are necessary for the government to monitor the healthcare system, government programs, and compliance with civil rights laws.


Lawsuits and Disputes

If you are involved in a lawsuit or a dispute, we may disclose health information about you in response to a court or administrative order. We may also disclose health information about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.


Law Enforcement

We may release health information if asked to do so by a law enforcement official:


  • In response to a court order, subpoena, warrant, summons, or similar process
  • To identify or locate a suspect, fugitive, material witness, or missing person
  • About the victim of a crime if, under certain limited circumstances, we are unable to obtain the person’s agreement
  • About a death we believe may be the result of criminal conduct
  • About criminal conduct that occurs on property of a Tower Health affiliated entity
  • In emergency circumstances to report a crime, the location or victims of the crime, or the identity, description, or location of the person who committed the crime


Coroners, Medical Examiners, and Funeral Directors

We may release health information to a coroner or medical examiner. This may be necessary to identify a deceased person or determine the cause of death.


We may also release health information about patients of Tower Health-affiliated hospitals to funeral directors as necessary to carry out their duties.


National Security and Intelligence Activities

We may release health information about you to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law.


Protective Services for the President and Others

We may disclose health information about you to authorized federal officials so they may provide protection to the President, other authorized persons or foreign heads of state, or in order to conduct special investigations.


Inmates

If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release health information about you to the correctional institution or law enforcement official. This release would be necessary for the institution to provide you with healthcare and to protect your health and safety or the health and safety of others.

Your Rights Regarding Health Information About You

You have the following rights regarding health information we maintain about you.


Right to Inspect and Copy

  • You have the right to inspect and copy health information that may be used to make decisions about your care. Usually, this includes medical and billing records, but does not include psychotherapy notes.
  • To inspect and copy health information that may be used to make decisions about you, you must submit your request in writing to the Health Information Management Department at Tower Health. If you request a copy of the information, we may charge a fee for the costs of copying, mailing, or other supplies associated with your request.
  • We may deny your request to inspect and copy health information, and you may request that the denial be reviewed. Another licensed healthcare professional chosen by Tower Health will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review.
  • Limited portions of your medical information are available electronically through a Tower Health service called MyChart. Visit mychart.towerhealth.org for more information.


Right to Request Amendment

  • If you feel that health information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for Tower Health.
  • To request an amendment, your request must be made in writing and submitted to the Director of Health Information Management at Tower Health. In addition, you must provide a reason that supports your request.
  • We have the right to deny your request for an amendment if it is not in writing or does not include a reason to support the request.
  • Additionally, we may deny your request if you ask us to amend information that: 
  • Was not created by us, unless the person or entity that created the information is no longer available to make the amendment
  • Is not part of the information that you would be permitted to inspect and copy
  • Is accurate and complete


Right to an Accounting of Disclosures

  • You have the right to request an “accounting of disclosures.” This is a list of the disclosures we made of health information about you.
  • To request this list or accounting of disclosures, you must submit your request in writing to the Privacy Officer at the affiliated hospital. Your request must state a time period, which may not be longer than six years and may not include dates before April 14, 2003. Your request should indicate in what form you want the list—paper or electronic copy.
  • The first list you request within a 12-month period will be free.
  • For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved, and you may choose to withdraw or modify your request at that time before any costs are incurred.


Right to Breach Notification

We are required to notify you in writing of any breach of your unsecured PHI without unreasonable delay, but in any event, no later than 60 days after we discover the breach.


Right to Request Restrictions

  • You have the right to request a restriction or limitation on the health information we use or disclose about you for treatment, payment, or healthcare operations.
  • You also have the right to request a limit on the health information we disclose about you to someone who is involved in your care or the payment for your care, such as a family member or friend. For example, you could ask that we not use or disclose information about a surgery that you had.
  • We are not required to agree to your request, unless you are requesting a restriction for services you have paid for in full out-of-pocket.
  • To request restrictions, you must make your request in writing to the Director of Health Information Management at Tower Health. In your request, you must tell us: 
  • What information you want to limit
  • Whether you want to limit our use, disclosure, or both
  • To whom you want the limits to apply—for example, you may ask that we not disclose information to your spouse


Out-of-Pocket Payments

  • If you paid out-of-pocket (in other words, you requested that we not bill your health plan) in full for a specific item or service, you have the right to ask that your Protected Health Information with respect to that item or service not be disclosed to a health plan for purposes of payment or healthcare operations. We will honor that request unless required by law not to. Two criteria must be met:
  • The purpose of the disclosure is for payment or healthcare operations and not otherwise required by law. 
  • It pertains solely to healthcare items or services for which the individual or someone else other than the health plan paid the health plan in full.


Right to Request Confidential Communications

  • You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we contact you only at work or only by mail.
  • To request confidential communications, you must make your request in writing to the Privacy Officer at the affiliated hospital. We will not ask you the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.


Right to a Paper Copy of This Notice

  • You have the right to a paper copy of this notice.
  • You may ask us to give you a copy of this notice at any time. Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice.
  • You may obtain a copy of this notice at our website: www.towerhealth.org.
  • To obtain a paper copy of this notice, contact the Privacy Officer at the affiliated hospital.

Changes to This Notice

We reserve the right to change this notice. We reserve the right to make the revised or changed notice effective for health information we already have about you as well as any information we receive in the future.


We will make a copy of the current notice easily available. The notice will contain the effective date on the cover, in the top righthand corner.


Additionally, each time you register at or are admitted to a Tower Health-affiliated hospital for treatment or healthcare services as an outpatient or inpatient, we will offer you a copy of the current notice in effect.

Complaints

You may file a complaint with us or with the Secretary of the United States Department of Health and Human Services if you believe your

privacy rights have been violated.


To file a complaint with us, contact the Privacy Officer at the address listed in the “Addresses” section that follows. All complaints must be made in writing and should be submitted within 180 days of when you knew or should have known of the suspected violation. There will be no retaliation against you for filing a complaint.


To file a complaint with the Secretary of the United States Department of Health and Human Services, please use the address in the “Addresses” section that follows. There will be no retaliation against you for filing a complaint. For additional information, you may call 202-619-0257 or toll free 877-696-6775, or visit the Office for Civil Rights website: hhs.gov/ocr/hipaa.

Other Uses of Health Information

Other uses and disclosures of health information not covered by this notice or the laws that apply to us will be made only with your written permission. In the following circumstances, we will always require an authorization from you:


  • Uses and disclosures of psychotherapy notes
  • Any marketing communication that is paid for by a third party about a product or service to encourage you to purchase or use the product or service
  • Except for limited transactions permitted by the Privacy Rule, a sale of protected health information for which we directly or indirectly receive remuneration or payment
  • Other uses or disclosures of Protected Health Information that are not described in this notice


If you provide us with permission to use or disclose health information about you, you may revoke that permission, in writing, at any time.


If you revoke your permission, we will no longer use or disclose health information about you for the reasons covered by your written authorization. You understand that we are unable to take back any disclosures we have already made with your permission and that we are required to retain our records of the care that we provided to you.

Addresses

For requests involving your records, including amendments, copies and accounting of disclosures:


Director of Health Information Management

Tower Health

P.O. Box 16052

Reading, PA 19612


Tower Health and its entities and locations are committed to these privacy practices for the benefit of our patients, their families and our community.


To request confidential communications, copies of this notice or to file a complaint:

Privacy Officer

Reading Hospital

P.O. Box 16052

Reading, PA 19612


To file a complaint with the government:

Secretary

U.S. Department of Health and Human Services

200 Independence Ave. SW

Washington, DC 20201

Share by: