Skip to main content

Important Changes for Patients and Visitors Arriving at White Plains Hospital’s Campus. Learn more.

Compliance/HIPAA

  • Compliance/HIPAA

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

Introduction

This Notice applies to care and treatment you receive at the institutions that are part of Montefiore Health System, including White Plains Hospital, Montefiore Medical Center, Burke Rehabilitation Hospital, Crystal Run Healthcare Physicians LLP, Montefiore Mount Vernon Hospital, Montefiore New Rochelle Hospital, Montefiore Nyack Hospital, Schaffer Extended Care Center, and St. Luke’s Cornwall Hospital, and by the Medical Staff at these institutions (collectively referred to as “We” or “Montefiore” in this Notice). This Notice will be followed by any healthcare professional who treats you at any Montefiore hospital, clinic or office location. “Health information” includes any individually identifiable information that we obtain from you or others that relates to your past, present or future physical or mental health, the healthcare you have received, or payment for your healthcare. The institutions that are part of Montefiore Health System participate in joint activities, such as payment activities and quality improvement activities, and may share your health information among themselves for purposes of treatment, payment and operations. All of the Montefiore Health System institutions will abide by the privacy requirements of this Notice. We understand that your medical information is private and confidential. Further, we are required by law to maintain the privacy of “protected health information.” “Protected health information” or “PHI” includes any individually identifiable information that we obtain from you or others that relates to your past, present or future physical or mental health, the healthcare you have received, or payment for your healthcare. We will share protected health information with one another, as necessary, to carry out treatment, payment or healthcare operations relating to the services to be rendered at the Hospital facilities.

As required by law, this notice provides you with information about your rights and our legal duties and privacy practices with respect to the privacy of PHI. The institutions that are part of the Montefiore Health System participate in joint activities such as payment activities and quality improvement activities and may share your Health Information among themselves for purposes of treatment, payment and operation. All of the Montefiore Health System institutions will abide by the privacy requirements of this Notice.

Permitted uses and disclosures

We can use or disclose your protected health information for purposes of treatment, payment and healthcare operations. For each of these categories of uses and disclosures, we have provided a description and an example below. However, not every particular use or disclosure in every category will be listed.

Treatment means the provision, coordination or management of your healthcare, including consultations between healthcare providers relating to your care and referrals for healthcare from one healthcare provider to another. For example, a doctor treating you for a broken leg may need to know if you have diabetes because diabetes may slow the healing process. In addition, the doctor may need to contact a physical therapist to create the exercise regimen appropriate for your treatment.

Payment means the activities we undertake to obtain reimbursement for the healthcare provided to you, including billing, collections, claims management, determinations of eligibility and coverage and other utilization review activities. For example, prior to providing healthcare services, we may need to provide information to your Third Party Payor about your medical condition to determine whether the proposed course of treatment will be covered. When we subsequently bill the Third Party Payor for the services rendered to you, we can provide the Third Party Payor with information regarding your care if necessary to obtain payment. Federal or State law may require us to obtain a written release from you prior to disclosing certain specially protected health information for payment purposes, and we will ask you to sign a release when necessary under applicable law.

Healthcare operations means the support functions of the Hospital, related to treatment and payment, such as quality assurance activities, case management, receiving and responding to patient comments and complaints, physician reviews, compliance programs, audits, business planning, development, management and administrative activities. For example, we may use your protected health information to evaluate the performance of our staff when caring for you. We may also combine health information about many patients to decide what additional services we should offer, what services are not needed, and whether certain new treatments are effective. We may also disclose information to doctors, nurses, technicians, medical students and others for review and learning purposes. In addition, we may remove information that identifies you from your patient information so that others can use the de-identified information to study healthcare and healthcare delivery without learning who you are.

Other uses and disclosures of protected health information

In addition to using and disclosing your information for treatment, payment and healthcare operations, we may use your protected health information in the following ways:

We may contact you to provide appointment reminders for treatment or medical care.

We may contact you to tell you about or recommend possible treatment alternatives or other health-related benefits and services that may be of interest to you.

We may disclose to your family or friends or any other individual identified by you protected health information directly related to such person's involvement in your care or the payment for your care. We may use or disclose your protected health information to notify, or assist in the notification of, a family member, a personal representative, or another person responsible for your care, of your location, general condition or death. If you are present or otherwise available, we will give you an opportunity to object to these disclosures, and we will not make these disclosures if you object. If you are not present or otherwise available, we will determine whether a disclosure to your family or friends is in your best interest, taking into account the circumstances and based upon our professional judgment.

We may include certain limited information about you in the hospital directory while you are a patient at the Hospital. This information may include your name, location in the Hospital, your general condition (e.g., fair, stable, etc.) and your religious affiliation. The directory information, except for your religious affiliation, may be released to people who ask for you by name. Your religious affiliation may be given to a member of the clergy, such as a priest or rabbi, even if they do not ask for you by name. This will allow your family, friends, and clergy to visit you in the Hospital and generally know how you are doing. You will have the opportunity to request that your information not be listed in the directory.

When permitted by law, we may coordinate our uses and disclosures of protected health information with public or private entities authorized by law or by charter to assist in disaster relief efforts.

We will allow your family and friends to act on your behalf to pick-up filled prescriptions, medical supplies, X-rays, and similar forms of protected health information, when we determine, in our professional judgment, that it is in your best interest to make such disclosures.

Subject to applicable law, we may make incidental uses and disclosures of protected health information. Incidental uses and disclosures are by-products of otherwise permitted uses or disclosures which are limited in nature and cannot be reasonably prevented.

We may contact you as part of our fund-raising and marketing efforts as permitted by applicable law.

We may use or disclose your protected health information for research purposes, subject to the requirements of applicable law. For example, a research project may involve comparisons of the health and recovery of all patients who received a particular medication. All research projects are subject to a special approval process which balances research needs with a patient's need for privacy. When required, we will obtain a written authorization from you prior to using your health information for research.

We will use or disclose protected health information about you when required to do so by applicable law.

Note: In accordance with applicable law, we may disclose your protected health information to your employer if we are retained to conduct an evaluation relating to medical surveillance of your workplace or to evaluate whether you have a work-related illness or injury. You will be notified of these disclosures by your employer or the Hospital, as required by applicable law.

White Plains Hospital uses forms on this site. These forms may require users to give contact information. User IP addresses are collected and stored with form submissions within the content management system. Information collected from the forms are used only for the purpose for which it was collected and will not be sold to another party.

Special situations

Subject to the requirements of applicable law, we will make the following uses and disclosures of your protected health information:

  1. Organ and tissue donation. If you are an organ donor, we may release health information to organizations that handle organ procurement or organ, eye or tissue transplantation or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation.
  2. Military and veterans. If you are a member of the Armed Forces, we may release health information about you as required by military command authorities. We may also release health information about foreign military personnel to the appropriate foreign military authority.
  3. Worker's compensation. We may release health information about you for programs that provide benefits for work-related injuries or illnesses.
  4. Public health activities. We may disclose health information about you for public health activities, including disclosures:
    • To prevent or control disease, injury or disability
    • To report births and deaths
    • To report child abuse or neglect
    • To persons subject to the jurisdiction of the Food and Drug Administration (FDA) for activities related to the quality, safety, or effectiveness of FDA-regulated products or services and to report reactions to medications or problems with products
    • To notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition
    • To notify the appropriate government authority if we believe that an adult patient has been the victim of abuse, neglect or domestic violence; we will only make this disclosure if the patient agrees or when required or authorized by law
  • Health oversight activities. We may disclose health information to Federal or State agencies that oversee our activities. These activities are necessary for the government to monitor the healthcare system, government benefit programs, and compliance with civil rights laws or regulatory program standards.
  • Lawsuits and disputes. If you are involved in a lawsuit or a dispute, we may disclose health information about you in response to a court or administrative order. We may also disclose health information about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if the Hospital is given assurances that efforts have been made by the person making the request to tell you about the request or to obtain an order protecting the information requested.
  • Law enforcement. We may release health information if asked to do so by a law enforcement official:
    • In response to a court order, subpoena, warrant, summons or similar process
    • To identify or locate a suspect, fugitive, material witness, or missing person
    • About the victim of a crime under certain limited circumstances
    • About a death we believe may be the result of criminal conduct
    • About criminal conduct on our premises
    • In emergency circumstances, to report a crime, the location of the crime or the victims, or the identity, description or location of the person who committed the crime
  • Coroners, medical examiners and funeral directors. We may release health information to a coroner or medical examiner. Such disclosures may be necessary, for example, to identify a deceased person or determine the cause of death. We may also release health information about patients to funeral directors as necessary to carry out their duties.
  • National security and intelligence activities. We may release health information about you to authorized Federal officials for intelligence, counterintelligence, or other national security activities authorized by law.
  • Protective services for the President and others. We may disclose health information about you to authorized Federal officials so they may provide protection to the President or other authorized persons or foreign heads of state or may conduct special investigations.
  • Inmates. If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release health information about you to the correctional institution or law enforcement official. This release would be necessary (1) for the institution to provide you with healthcare; (2) to protect your health and safety or the health and safety of others; or (3) for the safety and security of the correctional institution.
  • Serious threats. As permitted by applicable law and standards of ethical conduct, we may use and disclose protected health information if we, in good faith, believe that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public or is necessary for law enforcement authorities to identify or apprehend an individual.

Note: HIV-related information, genetic information, alcohol and/or substance abuse records, mental health records and other specially protected health information may enjoy certain special confidentiality protections under applicable State and Federal law. Any disclosures of these types of records will be subject to these special protections.

Other uses of your health information

Other uses and disclosures of protected health information not covered by this notice or the laws that apply to us will be made only with your permission in a written authorization. You have the right to revoke that authorization at any time, provided that the revocation is in writing, except to the extent that we already have taken action in reliance on your authorization.

Your rights

You have the right to request restrictions on our uses and disclosures of protected health information for treatment, payment and healthcare operations. However, we are not required to agree to your request. To request a restriction, you must make your request in writing to the Privacy Officer.

You have the right to reasonably request to receive confidential communications of protected health information by alternative means or at alternative locations. To make such a request, you must submit your request in writing at the time of registration.

You have the right to inspect and copy the protected health information contained in your medical and billing records and in any other Hospital records used by us to make decisions about you, except:

  • For psychotherapy notes, which are notes that have been recorded by a mental health professional documenting or analyzing the contents of conversations during a private counseling session or a group, joint or family counseling session and that have been separated from the rest of your medical record
  • For information compiled in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding
  • For protected health information involving laboratory tests when your access is restricted by law
  • If you are a prison inmate, obtaining a copy of your information may be restricted if it would jeopardize your health, safety, security, custody, or rehabilitation or that of other inmates, or the safety of any officer, employee, or other person at the correctional institution or person responsible for transporting you
  • If we obtained or created protected health information as part of a research study, your access to the health information may be restricted for as long as the research is in progress, provided that you agreed to the temporary denial of access when consenting to participate in the research
  • For protected health information contained in records kept by a Federal agency or contractor when your access is restricted by law
  • For protected health information obtained from someone other than us under a promise of confidentiality when the access requested would be reasonably likely to reveal the source of the information

In order to inspect and copy your health information, you must submit your request in writing to the Health Information Services Department at our Hospital. If you request a copy of your health information, we may charge you a fee for the costs of copying and mailing your records, as well as other costs associated with your request.

We may also deny a request for access to protected health information if:

  • A licensed healthcare professional has determined, in the exercise of professional judgment, that the access requested is reasonably likely to endanger your life or physical safety or that of another person
  • The protected health information makes reference to another person (unless such other person is a healthcare provider) and a licensed healthcare professional has determined, in the exercise of professional judgment, that the access requested is reasonably likely to cause substantial harm to such other person
  • The request for access is made by the individual's personal representative and a licensed healthcare professional has determined, in the exercise of professional judgment, that the provision of access to such personal representative is reasonably likely to cause substantial harm to you or another person

If we deny a request for access for any of the three reasons described above, then you have the right to have our denial reviewed in accordance with the requirements of applicable law.

You have the right to request an amendment to your protected health information, but we may deny your request for amendment, if we determine that the protected health information or record that is the subject of the request:

  • Was not created by us, unless you provide a reasonable basis to believe that the originator of protected health information is no longer available to act on the requested amendment
  • Is not part of your medical or billing records or other records used to make decisions about you
  • Is not available for inspection as set forth above; or is accurate and complete

In any event, any agreed upon amendment will be included as an addition to, and not a replacement of, already existing records. In order to request an amendment to your health information, you must submit your request in writing to the Health Information Services Department at our Hospital, along with a description of the reason for your request.

You have the right to receive an accounting of disclosures of protected health information made by us to individuals or entities other than to you for the six prior years prior to your request, except for disclosures:

  • To carry out treatment, payment and healthcare operations as provided above
  • Incident to a use or disclosure otherwise permitted or required by applicable law
  • Pursuant to a written authorization obtained from you
  • For the Hospital's directory or to persons involved in your care or for other notification purposes as provided by law
  • For national security or intelligence purposes as provided by law
  • To correctional institutions or law enforcement officials as provided by law
  • As part of a limited data set as provided by law; or that occurred prior to April 14, 2003

To request an accounting of disclosures of your health information, you must submit your request in writing to the Health Information Services Department at our Hospital. Your request must state a specific time period for the accounting (e.g., the past three months). The first accounting you request within a twelve (12) month period will be free. For additional accountings, we may charge you for the costs of providing the list. We will notify you of the costs involved, and you may choose to withdraw or modify your request at that time before any costs are incurred.

Complaints

If you believe that your privacy rights have been violated, you should immediately contact Compliance Hotline at 800.662.8595 or visit montefiorehealth.ethicspoint.com. We will not take action against you for filing a complaint. You also may file a complaint with the Secretary of Health and Human Services.

Compliance Program

White Plains Hospital Compliance Hotline

The purpose of the White Plains Compliance Program is to ensure that White Plains operations are conducted in compliance with all applicable laws and regulations as well as all White Plains policies and procedures and in accordance with our mission, vision and values.

White Plains employees have a duty to report any actual or suspected illegal, unethical, or improper conduct. The White Plains Compliance Hotline is a reporting mechanism that facilitates the reporting of possible violations when the regular channels of communication have proven ineffective or are impractical under the circumstances.

The Hotline is available to employees as well as contractors, vendors and patients and their families. Employees are encouraged to utilize the reporting "chain of command" by contacting their supervisor or department head. If you are unsure about where to go with your concerns, or you feel uncomfortable reporting through normal channels of communication, or wish to raise the issue anonymously, you should access the Compliance Hotline.

The Compliance Hotline is run by an independent third-party provider and is available online or by telephone. Whether reporting via the web or by telephone, the Hotline is available 24 hours a day, seven days a week. The Compliance Hotline is designed to protect your confidentiality, and your anonymity, if requested. Regardless of how a report is made, White Plains prohibits retaliation in any form against anyone who, in good faith, reports a possible violation or who participates in an investigation, even if sufficient evidence is not found to substantiate the concern. White Plains will take appropriate action against any individual determined to be engaging in retaliatory conduct.

Access the Compliance Hotline on the Web

Access the Compliance Hotline via the telephone, call 800.662.8595

You can read about White Plains' Code of Conduct by clicking here.

Contact person

If you have any questions or would like further information about this notice, please contact Compliance Hotline line 800.662.8595.

We must comply with the provisions of this notice as currently in effect, although we reserve the right to change the terms of this notice from time to time and maintain. You can always request a written copy of our most current privacy notice from Health Information Management at the Hospital or you can access it on our website at wphospital.org.

This notice is effective as of Oct. 1, 2019.