Patient Privacy & Security
Our pledge to protect your privacy
Health care providers, health plans and health care clearinghouses have a strong tradition of safeguarding patient information. However, in today’s world, the old system of paper records in locked filing cabinets is not enough. With information broadly held and transmitted electronically, the Privacy & Security Rule under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides clear standards for protecting and securing patient information, while allowing the flow of necessary information for patient care and other important purposes. HIPAA also specifies a series of administrative, physical, and technical safeguards to prevent the intentional or unintentional use or disclosure of protected health information. These safeguards may include shredding documents containing protected health information before discarding them, securing medical records with lock and key or passcode and limiting access to keys or pass codes.
Henry Ford Health knows that medical information about you is personal and is committed to protecting the privacy of your information. As a patient of Henry Ford Health, the care and treatment you receive is recorded in an electronic medical record. So that we can best meet your medical needs, we share your electronic medical record with all the health care providers involved in your care. We share your information only to the extent necessary to conduct our business operations, to collect payment for the services we provide you and to comply with the laws that govern health care. We will not use or disclose your information for any other purpose without your permission.
HIPAA provides individuals with certain rights
Access and Copies
You have the right to review, inspect or receive a copy of the medical information that we keep about you or anyone else that you have legal authorization to access medical information about. Please note that we may charge you for our costs related to your request. We may deny your request in very limited circumstances.
Accounting of Disclosures: You have the right to receive a list of your medical information disclosures, except for disclosures related to treatment, payment or healthcare operations that do not require your consent. You may submit a written request for a time-period up to six years from the date of disclosure. Your first request in a 12-month period is free. After that, we may charge a fee for additional requests.
Amendments
You have the right to submit a written request to amend your medical information, if you believe that information in your medical record is incorrect or that information is missing. We may deny the request if it is not in writing or if it does not include a reason to support the request. You may fill out the form online and submit via email, or print it and submit via mail.
Opt-Out Options
We may use and disclose your medical information in a health information exchange (HIE) with other providers who treat you, when raising funds or conducting marketing campaigns. If you wish to opt-out of any of these activities, you have the right to request to opt-out in writing. If after choosing to opt-out you wish to opt-back-in you may also do so in writing.
Restrictions
You have the right to submit a written request to restrict how we use or disclose your medical information. We will send you a written response informing you about our ability to honor your request.
Alternate Communications
You have the right to request that your medical information be shared with you in a confidential manner, such as at work rather than at home. If you request for us to email your medical information to you, we will do so securely unless otherwise authorized by you or your legal designee.
Copies of our Notice of Privacy Practices
You have a right to receive a copy of our current Notice. If this Notice was previously sent to you electronically, you may request a paper copy at any time.
Notification of a Breach
You have a right to be notified in writing if there is a breach in the privacy or security affecting your medical information.
File a complaint with Henry Ford Health or the Office for Civil Rights
If you have any questions about this Notice, or questions or complaints about the handling of your medical information, you may contact the Information Privacy & Security Office at Henry Ford Health or the Office for Civil Rights.
European Residents
Data Subject Rights for European Residents
Under the EU General Data Protection Regulation (GDPR), you have the right to request access to your personal data. You also have the right to request that Henry Ford Health rectify or erase your personal data or restrict the processing of your data. You may also submit an objection to Henry Ford Health processing of your personal data or request data portability. However, please note that Henry Ford Health may not always be obligated to comply with a request for deletion, restriction, objection, or data portability. Assessment will be made on a case by case basis of Henry Ford Health’ legal obligations and the exceptions to such rights. In order to verify your identity, we may require you to provide us with personal information prior to accessing any records containing information about you.
Additionally, in the circumstances where you may have provided your consent to the collection, processing and transfer of our personal data for a specific purpose, you have the right to withdraw your consent for that specific purpose at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so by law.
If you would like to exercise any of your rights under HIPAA or GDPR, please contact the Information Privacy & Security Office at (313) 874-9561 or email IPSO@HFHS.org.
Note: Throughout these web pages on patient privacy you may click on any link to view the Adobe PDF version of a document or form.
Henry Ford Health does not exclude, deny benefits to, restrict visitation, or otherwise discriminate against any person on the ground of race, color, national origin, religion, sex, height, weight, marital status, sexual orientation, gender identity, or on the basis of disability or age in admission to, participation in, or receipt of the services and benefits under any of its programs and activities.