Notice of Privacy Practices

•  Aviso de Prácticas de Privacidad

NOTE: Effective Nov 2004; updated July 1, 2013 

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

Protecting Your Privacy

Intermountain Healthcare (Intermountain) understands the importance and sensitivity of your health information. We protect the privacy of your health information because that is the right thing to do. We also follow federal and state laws that govern the use of your health information. We use your health information (and allow others to have it) only as permitted by federal and state laws. These laws give you certain rights regarding your health information.

Your Health Information Rights

You may:

• inspect and get a copy of your medical or billing records (including an electronic copy if we maintain the records electronically), as allowed by law, usually within 30 days of your request;
• Request and be provided a paper copy of our current Notice of Privacy Practices;
• Ask us to contact you at a specific address or phone number;
• require that we not send information  about a healthcare service or related item to your health plan if you or someone else pays in full for that service or item and if you notify us in advance that you — and not your health plan — are going to pay for this service or item (so we don’t automatically bill your health plan);
• request in writing that restrictions be placed on how your health information is normally used or shared for treatment or other purposes;
• request an accounting of when your identifiable health information is shared outside of Intermountain for a purpose other than treatment or payment, for example; 
• receive notice if we or our business associate has breached the confidentiality of your health information;
• report a privacy concern and be assured that we will investigate your concern thoroughly, support you appropriately, and not retaliate against you in any way  (you may report any privacy concerns to the Compliance or Privacy Coordinator at one of our facilities, to our main  Privacy Office at (800) 442-4845 or Privacy@imail.org, or to the Office for Civil Rights, U. S. Department of Health and Human Services, Denver Office), and
• request in writing that your health information be amended if you think that information is in error.

How Your Health Information is Used

1. Common Uses of Health Information

When we care for you, we will gather some of your health information. The law allows us to use or share this health information for the following purposes:

• To understand your health condition and to treat you when you are sick. For example, we may look at your x-rays or share x-rays we take of you with your treating doctor, who may be outside of Intermountain, or we may receive your prescription information from other health services companies to help you avoid harmful drug interactions.
• to bill for your healthcare services and to receive payment for our services (for example, we share your health insurance information with other healthcare providers who treat you — like your anesthesia doctor or a specialty laboratory — so they can bill for those services);
• to determine if a patient is eligible for Medicaid or the Children's Health Insurance Program by submitting personally identifiable information to these state databases;
• To improve our care. For example, we may contact you to understand what you thought of our care and to learn how to enhance our services to you.
  • to contact you for the purpose of raising money for the Intermountain Healthcare Foundation (This money is used to expand and improve the services and programs we provide for the community. The law limits the information about you that the Foundation gets and gives you the right to opt out of receiving these communications.  Opting out will have no impact on your care or payment for your care.  To opt-out or to opt back in to these communications, call (800) 442-4845 or contact your local Intermountain Healthcare Foundation office);  
• To improve our services to you by allowing companies with whom we contract, called “business associates,” to perform certain specialized work for us. The law requires these business associates to protect your health information and obey the same privacy laws that we do.
• To perform a very limited, specific type of health-related research, where the researcher keeps any patient-identifiable information safe and confidential. Intermountain reviews every research request to make sure your privacy is appropriately protected before sharing any health information, and
• To law enforcement, but only as authorized by law, i.e., to investigate a crime against Intermountain or any of its patients.

2. Required Uses of Health Information

The law sometimes requires us to share information for specific purposes, including the following:

• To the Department of Health to report communicable diseases, traumatic injuries, or birth defects, or for vital statistics, such as a baby’s birth;
• To a funeral director or an organ-donation agency when a patient dies, or to a medical examiner when appropriate to investigate a suspicious death;
• To the appropriate governmental agency if an injury or unexpected death occurs at an Intermountain facility;
• To state authorities to report child or elderly abuse;
• to law enforcement for certain types of crime-related injuries, such as gunshot wounds
• To governmental inspectors who, for example, make sure our facilities are safe;
  • to military command authorities or the Department of Veterans Affairs when we treat patients who are in the military or are veterans;
  • to a correctional institution if a patient is an inmate;
• To the Secret Service or NSA to protect, for example, the country or the President;
• To a medical device’s manufacturer, as required by the FDA, to monitor the safety of a medical device;
• To court officers, as required by law, in response to a court order or a valid subpoena;
• To governmental authorities to prevent serious threats to the public’s health or safety;
• To governmental agencies and other affected parties, to report a breach of health-information privacy;
• To an employer, but only if the employer contracts with us to help the employer meet OSHA requirements about workplace and employee safety; and
• To a worker’s compensation program if a person is injured at work and claims benefits under that program.

3. Uses According to Your Requests

Your preferences matter. If you let us know how you want us to disclose your information in the following situations, we will follow your directions. You Decide:

• if you want callers or visitors to know how to reach you. When you’re admitted, you will be asked if you want to be in the “hospital directory”. If you say “yes”, the hospital can tell visitors who ask for you by name how to find you or talk to you. The hospital may also tell the visitor — only in general terms — how you are doing. If you say “no”, the hospital won’t let any visitor know you are in the hospital and won’t direct phone calls or flowers to you.
• if you want us to share any health or payment information related to your care with your family members or friends. Please let our Intermountain employees know what you want us to share. If you can’t tell us what health or payment information you want us to share, we may use our professional judgment to decide what to share with your family or friends for them to be able to help you.
• who we should contact in an emergency. But if you aren’t able to tell us who to contact, we may ask the public authorities to help. For example, we may ask the police to help find your family or, in a disaster, we may help the Red Cross reconnect you with your family.
• if you want to indicate your religious preference when you are admitted to one of our facilities. If you indicate your religious preference, we may provide your name to a visiting representative of your religion. But if you don’t want that, tell our staff at any time that you do not want us to share your name with a religious representative.
• if you want us to provide immunization information about you or your child to a school.

4. Uses of Health Information with Your Authorization

Any sharing of your health information, other than as explained above, requires your written authorization. For example, we will not use your health information unless you authorize us in writing to:

• send copies of your health information to a life insurance company;
• share any of your psychotherapy notes, if they exist, with a third party who is not part of your care;
• send information to encourage you to buy  a non-Intermountain product if we are paid to send that information or make the communication; or
• sell your identifiable health information.

If you authorize us to share your health information but then change your mind, please notify the appropriate Intermountain facility in writing that you revoke the authorization. We will honor your revocation, but, of course, we will not able to get back the health information that you authorized us to send before revoking that authorization.

• Authorization to Use and Disclose Protected Health Information
• Autorización para Utilizar y Revelar Información Protegida relativa a la Salud

5. Special Legal Protections for Certain Health Information

Intermountain complies with federal and state laws that require extra protection of special records.  These records may include records of treatment in an addiction-treatment program, genetic information, or psychotherapy notes from a treating psychotherapist.

If You Still Have Questions

Our staff is trained to help you with any questions you may have about the privacy of your health information. They can also address any privacy concerns you may have about your health information and help you fill out any forms that are needed to exercise your privacy rights. If you are at one of our Intermountain facilities, please ask one of our staff members to help you contact a local Compliance or Privacy Coordinator, or call (800) 442-4845 to reach our main Privacy Office.

This privacy notice became effective on 07/01/2013. We may change this privacy notice at any time. You can see our current privacy notice on our website, at IntermountainHealthcare.org, or posted in our hospitals, clinics, and offices. You can also obtain a copy of this notice from any of our staff by asking for a copy, by visiting our website, or by calling our Privacy Office at (800) 442-4845.

This notice describes our privacy (including the practices describes the practices of our employees and volunteers working in our hospitals, clinics, doctors’ offices, service departments). This notice also describes the privacy practices of associated healthcare providers — who are not Intermountain employees — while treating you in our facilities, unless they provide you with a notice of their own privacy practices. (For more information about the specific privacy practices of associated providers, please contact them directly.)

For more information about SelectHealth privacy practices. 

Contact Us

If you would like further information about your privacy rights, are concerned that your privacy rights have been violated, or disagree with a decision that we made about access to your health information, contact:

• The privacy coordinator in the Intermountain facility where you received care.
• Intermountain Privacy Office
  36 S. State Street
  Salt Lake City, UT 84111
  Toll free: 1-800-442-4845
  Email: privacy@imail.org

We will investigate all complaints and will not penalize or treat you any differently for filing a complaint. You may also file a written complaint with the Office of Civil Rights of the U.S. Department of Health and Human Services.

Privacy Practices on IntermountainHealthcare.org

Public Information – This online service (the “Service”)  offers access to information on Intermountain services and facilities, affiliated physicians, and other health-related content to anyone who accepts the Terms of Use. Intermountain Healthcare, through intermountainhealthcare.org, makes this information publicly available without the need for the user to disclose any personally identifiable information.

This online Service also offers you access to your personal clinical and insurance-related information. To access that information, you’ll need to register for those specific services by following the instructions in our Terms of Use in the section called "Terms of Use for Personalized Information."

Intermountain Healthcare offers you this Service on these conditions:

1. that you are 18 years of age or older;
2. that you have the right and ability to agree to the Terms of Use;
3. that you agree to the Terms of Use

This Service is intended for use by adults and, in some cases, teenagers over thirteen. Some areas of this Service may, however, be attractive to children, such as the “LIVE” site and SelectHealth’s STEP Express web pages. Consistent with the Children’s Online Privacy Protection Act of 1998, we will never knowingly request personal information from anyone less than 13 years of age without prior verifiable parental consent. If you become aware that your child who is less than 13 years of age has provided us with personal information without prior verifiable parental consent, please contact us at webmaster@imail.org and we will use our best efforts to promptly remove such information from our files.

Proprietary Information – In addition to the publicly available information, intermountainhealthcare.org also provides access to personal health-related information to those who provide the necessary information to make that possible. For example, in the "My Health" section on intermountainhealthcare.org, a user can view his or her personal online health records, provided that they have registered and logged in a user name and password.

System Security – Intermountain has taken reasonable steps and has employed industry-standard practices and technology to ensure the integrity and confidentiality of personally identifiable information; but because even the most secure computer system can be violated, Intermountain cannot guarantee security.  

Third Party Services – Intermountainhealthcare.org offers the opportunity to apply online for employment with Intermountain. This online employment service is provided through a third party entity ("Peoplefluent") under contract with Intermountain. A statement of Peoplefluent's  privacy practices can be accessed and viewed online:

• Peoplefluent Privacy Statement

Use of Cookies – Like many sites, intermountainhealthcare.org utilizes "cookies." A cookie is an alphanumeric file that transfers to the user's computer during a session to help improve the Internet experience. intermountainhealthcare.org uses cookies: (1) to keep track of the pages previously selected during the session, in order to enable "Back to Previous Section" capability; (2) to enable general usability statistics that can be used to make the site better; and (3) in situations where users proactively identify themselves (e.g., with a user name and password), cookies help serve up personalized functionality without the need for users to continually re-identify themselves during their session. Cookies are randomly generated, are used only for one session and are then destroyed, and are incapable of identifying the user. Intermountain does not control the use of cookies used or linked by contracted or third party services (such as Peoplefluent).