Protecting patient privacy

Patient privacy overview

Northwell Health understands that you may have concerns about privacy. Our patients are our number one priority and we believe that patient privacy is an integral part of the health care we provide to you.

To ensure the development of a lasting bond of trust with our patients, we have many safeguards to protect the privacy and security of your personal information. For example, each of our facilities has a Privacy Officer who is able to answer any questions a patient may have about the way in which their health information will be used. We also have many policies in place to protect the privacy and security of your personal information and our employees are educated from the moment they are hired and continually after, to respect and protect our patient’s privacy.

Also federal and state laws such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA) provide guidance for patients regarding their privacy rights and the use or disclosure of their medical information. These rights are described in detail in Northwell Health’s Notice of Privacy Practices below.

According to a recent industry report, 15.4 million consumers were victims of identity theft or fraud last year, stealing a total of $16 billion dollars from victims.

Awareness is key to helping you avoid becoming a victim of identity theft. Northwell would like to make you aware of what to do if you suspect your identity has been stolen.

Contact your insurance company immediately if:

  • You have unexpectedly been told that you have reached your benefit limit
  • You experience a denial of service because your plan shows you have a condition that you do not have
  • Debt collectors start to call you about a medical debt you do not believe you owe

If you believe you are or might be a victim of identity theft, place a Fraud Alert with a National Credit Reporting Agency (CRA) listed here:

  • Experian 888-EXPERIAN (397-3742)
  • Trans Union 1-800-680-7289
  • Equifax 1-800-525-6285

For more information about how to protect your identity and prevent fraud:

If you would like to speak to a Northwell employee with a question on your bill, please call – 1-855-853- 6967.

Notice of privacy practices

To see a copy of the notice, please click on the appropriate link:

Frequently asked questions

Q: What is HIPAA?
A: HIPAA is an acronym for the Health Insurance Portability and Accountability Act of 1996, a federal law.

Q: What does HIPAA do?
A: HIPAA protects the privacy and security of patient medical information in both written and electronic forms. It also sets the terms on which medical information can be transmitted to other providers and to health insurers.

Q: Is the Northwell Health required to comply with HIPAA?
A: Yes. HIPAA applies to:

  • Healthcare providers
  • Health plans (self insured/insured, HMOs, health insurance companies, employer health plans, and similar arrangements)
  • Healthcare clearinghouses (entities that standardize health information)

Q: What information is protected under HIPAA?
A: The HIPAA Privacy Rule protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information "Protected Health Information,” which is also referred to as “PHI”.

The following are examples of identifiers that could be considered individually identifiable information:

  • Names
  • Geographic subdivisions smaller than a state, including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of a zip code in certain situations
  • All elements of date (except year) for dates directly related to an individual, including birth date, discharge data, date of death; and all ages over 89 and all elements of dates indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older
  • Telephone numbers
  • Fax numbers
  • Electronic mail addresses
  • Social security numbers
  • Medical record numbers
  • Health plan beneficiary numbers
  • Account numbers
  • Certificate/license numbers
  • Vehicle identifiers and serial numbers
  • Medical device identifiers
  • Web universal resource locators (URLs)
  • Internet protocol (IP) address numbers
  • Biometric identifiers, including finger and voice prints
  • Full face photographic images and any comparable images
  • Any other unique identifying number, characteristic, or code

Q: How is the Northwell Health ensuring compliance with HIPAA?
A: The Health Network has implemented a number of controls to comply with HIPAA. Some of them are:

  • Privacy Officers assigned to each of its facilities
  • Regular, periodic training for the members of its workforce
  • Policies and procedures to help protect the privacy and security of patients’ individually identifiable health information
  • HIPAA-compliant forms to help implement HIPAA
  • A Notice of Privacy Practices that is available to all patients

Q: What are the rights that HIPAA gives to me as a patient?
A: HIPAA provides many rights to patients. These rights include:

  • The right to receive Northwell Health’s Notice of Privacy Practices
  • The right to review and get a copy of your medical information
  • The right to ask that your medical information be amended
  • The right to ask for restrictions in the use of your health information
  • The right to ask for confidential communications
  • The right to an accounting of disclosures of your medical information
  • The right to be notified if the privacy of your protected health information has been breached, as defined by HIPAA
  • The right to file a complaint with Northwell Health or the U.S. Department of Health and Human Services’ Office for Civil Rights if you feel your privacy rights have been violated

Q: If I would like to request a copy of my medical record, what should I do?
A: You can access the form that you must fill out to request a copy of your medical records by clicking here. Submit the completed form to the individual who is responsible for medical records in the facility from which you are requesting the records.

Q: Will all of my information be included in the response to my request for medical information?
A: Most of the information in your medical record will be included in the response to your request. However, certain portions of your record, such as psychotherapy notes, may not be included in the response. For further information on this restriction, please click here.

Q: How do I request an amendment to my medical information?
A: You may request an amendment to your medical record if you believe that information in your l record is inaccurate. Subject to your health care provider’s discretion and applicable law, we will do our best to accommodate all reasonable requests. To request an amendment, please click on the following link to access the form you must complete and submit: Request for Amendment of Protected Health Information

Q: How do I request a restriction on the way in which my medical information is disclosed?
A: To request a restriction, please click on the following link to access the form you must complete and submit: Request for confidential Communications and/or Restrictions on Access, Use or Disclosure of Protected Health Information

Q: Who should I contact if I have more questions about my privacy rights?
A: Northwell Health has a staff of Compliance and Privacy Officers who are here to assist you with any questions related to the privacy of your health information. Please call the Office of Corporate Compliance at (516) 465-8097 for further information.

Q: Will my medical information be used for research purposes?
A: You may be asked to participate in research studies while you are a patient at Northwell Health facilities. However, your identifiable medical information will not be used for research purposes without your prior authorization.

Q: How can I learn more about HIPAA and patient privacy?
A: For more information about the privacy of your medical information, we recommend that you consult the following link: http://www.hhs.gov/ocr

Q: Who should I contact if I have a complaint related to the privacy of my medical information?
A: Please see the contact information section for details.

Security

At Northwell Health, we not only care for your well-being, we are also committed to protecting the security and privacy of your personal health information. We utilize sophisticated technologies and processes to protect your data, and we require that our external partners and vendors meet the same high standards we follow. Our computer networks, data centers, personal computing devices, and all systems are being continuously monitored to prevent unwanted intrusions and computer infections. Like your health, we take security very seriously. All Northwell Health workforce members are trained to follow strict guidelines to make sure that your information is protected and remains secure. To learn more, click here.

Contact

The Northwell Health’s Office of Corporate Compliance is here to address any question or complaint related to the way in which the privacy of medical information is handled. We can be reached as follows:

Office of Corporate Compliance
200 Community Drive
Great Neck, NY 11021
Phone: (516) 465-8097
Fax: (516) 465-8996

Additionally, toll-free, anonymous, confidential, non-retaliatory reporting is available 24 hours, 7 days a week. Visit www.northwell.ethicspoint.com or call (800) 894-3226.

While we hope you will contact Northwell Health's Office of Corporate Compliance first to address your concerns, you also have the right to contact the Office for Civil Rights to file a complaint.

Office for Civil Rights
U.S. Department of Health and Human Services
Jacob Javits Federal Building
26 Federal Plaza - Suite 3312
New York, NY 10278
Voice Phone (212) 264-3313
FAX (212) 264-3039
TDD (212) 264-2355

Corporate compliance

High quality patient care delivered with integrity.