This Notice describes the privacy practices of Thomas Jefferson University (TJU), including the clinical operations referred to as Jefferson Health, which includes, but is not limited to, wholly owned and controlled entities that engage in covered transactions under HIPAA (Health Insurance Portability and Accountability Act): Thomas Jefferson University Hospitals, Inc.(TJUH, Inc.), Jefferson University Physicians (JUP), Abington Memorial Hospital, Lansdale Hospital, Jefferson Health – Northeast, Aria Health Physician Services, Aria Health Orthopedics, Kennedy University Hospital, Inc., Kennedy Medical Group Practice, P.C., Magee Memorial Hospital for Convalescents d/b/a Moss Magee Rehabilitation Hospital, Jefferson Einstein Hospital1 , Jefferson Health – Elkins Park, Jefferson Einstein Montgomery Hospital2, Jefferson Moss-Magee Rehab3, Einstein Surgery Center, Einstein Medical Center Montgomery Short Procedure Unit, Einstein Endoscopy Center Blue Bell, Willowcrest, Einstein Practice Plan, Inc. d/b/a Einstein Physicians, Einstein Community Healthcare Associates, Inc. d/b/a Einstein Physicians, and Fornance Physician Services d/b/a Einstein Physicians Montgomery, collectively referred to as “Jefferson Health”. This list of facilities may change from time to time; you may obtain an updated list of facilities by calling 1-833-391-2547.
Jefferson facilities include all patient care, research, laboratory and administrative space owned or leased by Jefferson and any location where Jefferson employees work to care for Jefferson Health patients. All employees, medical staff, students and other members of the Jefferson community (“we” or “us”) follow the terms of this Notice. Jefferson is required by law to maintain the privacy of your health information (“Protected Health Information” or “PHI”) and to provide you with this Notice.
1 Jefferson Einstein Hospital is also known as Albert Einstein Medical Center
2 Jefferson Einstein Montgomery Hospital is also known as Einstein Medical Center Montgomery
3 Jefferson Moss-Magee Rehab is also known as MossRehab, an operating division of Albert Einstein Medical Center
Jefferson Health understands that information about you and your health is very personal. Therefore, we strive to protect your privacy. We are required by law to maintain the privacy of our patients’ protected health information (“PHI”) and to provide you with notice of our legal duties and privacy practices with respect to your PHI. We will only use and disclose your PHI as described in this Notice. We are required to abide by the terms of this Notice so long as it remains in effect. We reserve the right to change the terms of this Notice and to make the new notice provisions effective for all PHI we maintain. Any revised notice will be available upon request and on our website at https://www.jeffersonhealth.org/privacy-practices.html.
Unless you expressly indicate to the contrary, you agree to receive such information from us and from the persons and entities with whom we share your PHI by automated means, which may include the use of an automatic telephone dialing system (“ATDS”), pre-recorded message, artificial voice and/or electronic mail (“email”), SMS (text messages) regarding treatment options, health-related information, disease-management programs, wellness programs or other community-based initiatives or activities in which we participate.
We may use and disclose your PHI in connection with your treatment and/or other services provided to you—for example, to diagnose and treat you. In addition, we may contact you to provide appointment reminders or information about treatment alternatives or other health-related benefits and services. We may also disclose PHI to other providers within Jefferson and outside of Jefferson Health (e.g., physicians, nurses, pharmacists and other health care facilities involved in your treatment)
We may use and disclose your PHI to obtain payment for services that we provide to you—for example, to request payment from your health insurer and to verify that your health insurer will pay for your health care services.
We may use and disclose your PHI for our health care operations. These include internal administration and planning, various activities that improve the quality and cost effectiveness of health care services, health care delivery review, regulatory compliance, staff performance evaluation, education and training of physicians and other health care providers, business planning and development, business management and general administrative activities. We use this information to continuously improve the quality of care for all patients we serve. For example, we may use your PHI to evaluate the quality and competence of our physicians, nurses and other health care workers. We may also use PHI to resolve patient problems and complaints. Additionally, we may share your PHI with other health care providers and payors for certain business operations if the information is related to a relationship the provider or payor currently has or previously had with you, and if the provider or payor is required by federal law to protect the privacy of your protected health information.
We may contract with certain outside persons or organizations to perform certain services on our behalf, such as auditing, accreditation, legal services, etc. At times, it may be necessary for us to provide your information to one or more of these outside persons or organizations. In such cases, we require these business associates, and any of their subcontractors, to appropriately safeguard the privacy of your information as required by law.
We may also disclose PHI to other health care providers when such PHI is required for them to treat you, receive payment for services they render to you, or conduct certain health care operations, for example, for emergency ambulance companies to request payment for services in bringing you to the hospital.
We participate in Health Information Exchanges (“HIEs”) which, through secure connected networks with health care providers who participate in the HIEs, makes it possible for us to electronically share protected health information to
coordinate patient care. We may electronically share your medical information through HIEs, among participating HIE members for the purposes of treatment, payment, health care operations, and other authorized purposes, to the extent
permitted by law.
You have the right to “opt-out” or to decline participation in any HIE that we participate in. To opt out of an HIE you may use the Request for Restriction of Protected Health Information form:
If you are admitted to a Jefferson Health hospital facility, we may include your name, room number, general health condition and religious affiliation in our hospital patient directory without obtaining your written authorization, unless you choose to object after reading this Notice. Information in the hospital directory (other than religious affiliation) may be disclosed to anyone who asks for you by name, either in person or by telephone. This information, including your religious affiliation, may also be disclosed to members of the clergy.
We may disclose your PHI to a family member, other relative, friend, or any other person if we:
If we provide information to any individual(s) listed above, we will release only information that we believe is directly relevant to that person’s involvement with your health care or payment related to your health care. We may also disclose your PHI in the event of an emergency and other situations permitted by law, or to notify (or assist in notifying) such persons of your location, general condition or death.
We may contact you to request a donation to support important activities of Jefferson. We may disclose to our fundraising staff certain demographic information about you (e.g., your name, address, other contact information, age, gender, and date of birth), dates on which we provided health care to you, department of service information, your treating physician, outcome information, and your health insurance status. You may request to opt-out of receiving fundraising communications. Jefferson will not condition treatment or billing for those services on your choice of whether to receive fundraising communications.
We may disclose your PHI for the following public health activities:
If we reasonably believe you are a victim of abuse, neglect or domestic violence, we may disclose your PHI to a governmental authority, including a social service or protective services agency, authorized by law to receive reports of such abuse, neglect, or domestic violence.
We may disclose your PHI to a health oversight agency that is responsible for ensuring compliance with rules of government health programs such as Medicare or Medicaid.
We may disclose your PHI in response to a court order, subpoena, or other lawful process.
We may disclose PHI of deceased individuals to a coroner, medical examiner or funeral director authorized by law to receive such information.
We may disclose your PHI to organizations for purposes of organ and tissue donations, banking and/or transplantation.
When conducting research, in most cases, we will ask for your written authorization before PHI is used. However, we may use or disclose your PHI without your specific authorization if Jefferson’s Institutional Review Board (“IRB”) has waived the authorization requirement. The IRB is a committee that oversees and approves research involving living humans.
We may use or disclose your PHI to prevent or lessen a serious and imminent threat to the safety of a person or the public. For example, • To report certain diseases and wounds, births and deaths, and suspected cases of abuse, neglect or domestic violence; • To help identify, locate or report criminal suspects, crime victims, suspicious deaths or criminal conduct on the premises of EINSTEIN; • To respond to a court order, subpoena or other judicial process; • To assist federal disaster relief efforts; • To enable product recalls, repairs or replacements; • To respond to an audit, inspection, or investigation by a health-related government agency; • To assist in federal intelligence, counterintelligence and national security issues; • To facilitate organ and tissue donations; • To assist coroners, medical examiners and funeral directors; • To respond to a request from a jail or prison regarding an inmate’s health or medical treatment; • To respond to a request from your military command authority (if you are a member or veteran of the armed forces);
We may release your PHI to units of the government with special functions, such as the U.S. military or the U.S. Department of State under certain circumstances, such as for intelligence, counter- intelligence, or national security activities.
We may disclose your PHI as authorized by state law relating to workers’ compensation or other similar government programs.
If you are or become an inmate of a correctional institution or are in the custody of a law enforcement official, we may release your PHI to the institution or official if required to provide you with healthcare or to protect the health and safety of others.
We may use and disclose your PHI when required to do so by any other laws not already referenced above.
For any purpose other than the ones described above, we may use or disclose your PHI only when you give Jefferson your specific written authorization. For instance, you will need to sign an authorization form before we send your PHI to a life insurance company. The following are non-exhaustive examples of other uses or disclosures for which your specific written authorization is required:
We may contact you as part of our marketing activities, as permitted by law. We will obtain your written permission when the uses and disclosures of PHI are for marketing purposes or other activities where we receive remuneration in exchange for disclosing such PHI.
If you do not “opt-out” at the time you provide your PHI, you consent to Jefferson, its affiliates and business associates contacting you by automated means, which may include an ATDS. Your consent is not a condition of purchase. These messages may also include recurring text message promotions and special offers.
Should we wish to disclose your PHI in any manner that would constitute a sale of your PHI, we will obtain your written authorization to do so.
Federal and state laws provide special protections regarding highly confidential information about you. This includes, but is not limited to:
With regard to reproductive health care services, which includes all medical, surgical, counseling, or referral services related to the human reproductive system including, but not limited to, services related to pregnancy, contraception, or termination of a pregnancy, we will not share that information in any civil action or proceeding preliminary thereto (including an investigation for a state or federal agency) or in any probate, legislative, or administrative proceeding, without you or your legal representative’s written consent, which you are permitted to withhold. We may still provide information related to your reproductive health care services without your consent in civil actions, investigations, or other proceedings:
In all other situations, we will follow our general privacy practices regarding the disclosure of medical information related to reproductive health care services. For example, we may share your health information with other medical professionals who are treating you without your written consent.
You may request to see and receive paper or electronic copies of your medical and billing records. To do so, please submit a written request to the appropriate Jefferson office or department. You will be charged for copies in accordance with established professional, applicable state and federal guidelines and laws. If you are a parent or legal guardian of a minor, certain portions of the minor’s medical record may be inaccessible to you under the law (for example, records relating to abortion, contraception, and/or family planning services and mental health services) unless the patient him/herself authorizes Jefferson to give you access to this PHI.
Additionally, under limited circumstances defined by law, we may deny you access to a portion of your records.
You may request additional restrictions on Jefferson’s use and disclosure of your PHI:
We are not required to agree to your request, and we may say “no” if it would affect your healthcare or if we reasonably believe the information is accurate as is in your record. If we agree to a restriction, we will state the agreed restrictions in writing and will abide by them, except in emergency situations when the disclosure is needed for purposes of treatment.
If you wish to make a request to restrict the use of your PHI, please complete our Request for Restrictions of Protected Health Information:
space-line
You may request, and we will accommodate, any reasonable written request from you to receive your PHI by alternative means of communication or at alternative locations. For example, you may instruct us not to contact you by telephone at home, or you may give us a mailing address other than your home for test results.
You may revoke your authorization, except to the extent that we have already used or disclosed your PHI. A revocation form is available upon request from The Privacy Office, as noted below. This form must be completed by you and returned to The Privacy Office.
You have the right to request that we correct PHI maintained in your medical or billing records. To do so, you must submit a written request to:
Jefferson Health:
Health Information Management Department
111 South 11th Street,
Gibbon Building, Suite 1950
Philadelphia, PA 19107
Phone: 215.955.6627
Email: HIM@jefferson.edu
Jefferson Health – Einstein:
Jefferson Einstein Hospital
Attn: Health Information Management (HIM) Department
5501 Old York Road
Philadelphia, PA 19141
You may go to the HIM website or Einstein Health website for the form or you may write your own request. The
request may not be longer than one (1) page in length.
We may say “no” to your request, but we will tell you why in writing within 60 days.
You may request a record of certain disclosures of your PHI. Your request may cover any disclosures made in the six years prior to the date of your request. Certain disclosures do not need to be included in this accounting, including those made for treatment, payment and operations purposes.
You have the right to receive written notification from Jefferson in the event of a breach of your unsecured PHI, i.e., if there is an unauthorized access, use, or disclosure of your PHI which meets certain criteria under the law.
If you have a question or wish to file a complaint related to the privacy of your health care information, please call, email, or write to the Privacy Office using the contact information provided below
Jefferson Health:
Address: Jefferson Health
1101 Market Street, Suite 2400
Philadelphia, PA 19107
Attention: The Privacy Office
Telephone: 833-391-2547
Email: privacyoffice@jefferson.edu
If you wish to remain anonymous, contact the Jefferson Alert line via telephone at 1-833-ONE-CODE (833-663-2633).
Additionally, you may also file a written complaint with the Director, Office for Civil Rights of the U.S. Department of Health and Human Services located at:
200 Independent Avenue, SW
Washington, DC 20201
OCRComplaint@hhs.gov
This Notice is effective from April 14, 2003.
This Notice was revised September 23, 2013, April 28, 2017, January 2019, and August 18, 2022.
We may change the terms of this Notice at any time. If we change this Notice, we will post the revised Notice in appropriate locations around Jefferson and on-line at Jefferson.edu/PatientPolicies. You also may obtain any revised notice by contacting The Privacy Office.
An Organized Health Care Arrangement (OHCA) is a collaborative structure within our health system aimed at improving care coordination and health care delivery for our patients and health plan members. Jefferson Health has designated our health care provider entities as a single covered entity known as an affiliated covered entity (ACE) under HIPAA. We also own organizations that provide support to our providers in achieving these goals (i.e., Thomas Jefferson Jeffcare, Inc. (PHO), Jefferson Alliance, LLC (CIN), and Einstein Care Partners (ACO)) and they participate in our OHCA. The JH ACE and Jefferson Health Plans, together with the medical staff at our hospitals and our accountable care organizations and clinically integrated networks, engage in various joint activities that qualify as an organized health care arrangement activities.
TJU also owns Jefferson Health Plans that are regulated as HIPAA covered entities. The joint activities of our providers and health plans in organized health care arrangements enables the sharing of information on patients in order to carry out treatment, payment and health care operations related to the OHCA and achieve the health system’s objectives of improving lives throughout the region. These activities include conducting analysis necessary for quality assessment and improvement, utilization review, and payment activities for the efficient delivery of care, the development of quality measures, and innovative population health and care coordination solutions.
OHCAs foster a streamlined healthcare delivery system. As part of our health care operations, each entity operates independently but collaborates to share patient information in compliance with HIPAA, ensuring coordinated, high-quality care for our community. Our arrangements enhance communication and collaboration between and among our physicians, hospitals, medical staffs, accountable care organizations, and health plans to promote continuity of care and efficiency while enhancing the overall healthcare experience. By sharing patient information for common goals and objectives, this collaboration ensures a more integrated approach to population health in our community, ultimately enhancing and improving quality, efficiency, and patient outcomes.
The Thomas Jefferson University covered entities and supporting organizations currently participating in one or more OHCAS involve the following parties:
GO TO JEFFERSON HEALTH WEBSITE
