Privacy & Security
If you have any questions about this Notice, please contact the Privacy Office at (404) 616-1706 or via e-mail at [email protected].
Grady Health System is committed to protecting the privacy rights of its patients. HIPAA regulations guide how we handle patient privacy and disclosure of patient information. To learn more about the privacy of your medical information, you can read our Notice of Privacy Practices.
Notice of Privacy Practices
Our notice of Privacy Practice summarizes how Grady may use and disclose medical information about you. It also describes your rights and our duties regarding the use and disclosure of your medical information. This notice applies to all records of your care at Grady, whether made by Grady personnel or by your doctor.
Summary and Notice of Privacy Practices (English)
Summary and Notice of Privacy Practices (Spanish)
If you have questions about this notice, please contact Grady’s Corporate Compliance Office at (404) 616-2118 or email [email protected].
Hospitals make and keep records of medical information. While you are a patient here, we will use and disclose your medical information:
- To provide treatment to you and to keep a record describing your care
- To receive payment for the care we provide
- To administer the hospital properly
- To comply with the law
We are required by law:
- To keep your medical information confidential in accordance with legal requirements
- To give you this notice of our legal duties and privacy practices with respect to your medical information
- To follow the terms of this notice that is currently in effect
Note: Georgia and Federal Law provide protection for certain types of health information, including information about alcohol or drug abuse, mental health, and AIDS/HIV, and may limit whether and how we may disclose information about you to others. Uses and Disclosures of Your Medical Information
We may use your medical information to provide medical treatment or services to you. We may disclose medical information about you to doctors, nurses, technicians, medical, nursing, other healthcare students, or other personnel taking care of you. For example, a doctor treating you for a broken leg may need to know if you have diabetes because diabetes may slow the healing process. In addition, the doctor may need to tell the dietitian if you have diabetes so you can have appropriate meals. We may share your medical information to schedule necessary tests and procedures, such as prescriptions, laboratory tests, and x-rays. We also may disclose your medical information to healthcare facilities if you need to be transferred from one hospital to another hospital, a nursing home, a home health provider, or a rehabilitation center. We also may disclose your medical information to people outside the hospital who are involved in your care after you leave the hospital.
We may use and disclose your medical information so that the treatment and services you receive can be billed and collected from you, an insurance company, or another third party. For example, we may give your health plan information about surgery you received so your health plan will pay us for the surgery. We also may tell your health plan about a treatment you are going to receive in order to obtain prior approval from your plan to cover payment for the treatment.
We may use and disclose your medical information for Hospital operations, such as for peer review, performance improvement, risk management, and our compliance with licensure, accreditation or certification requirements. For example, we may disclose your medical information to doctors on our Medical Staff who review treatment of patents. We may disclose information to doctors, nurses, technicians, medical, nursing or other healthcare students, and Hospital personnel for teaching. We may combine medical information about many patients to decide what services the Hospital should offer, and whether new services are cost-effective and how we compare with other hospitals. Sometimes, we may remove identifying information from this medical information so others may use it to study health care and healthcare delivery without learning who you are. We may disclose information to other healthcare providers involved in your treatment to permit them to carry out the work of their facility or to get paid. For example, we may provide information about your treatment to an ambulance company that brought your to the Hospital so that the ambulance company can get paid for their services.
Activities of Our Affiliates
We may disclose your medical information to our affiliates in connection with your treatment or other hospital activities.
Activities of Organized Healthcare Arrangements in Which We Participate
For certain activities, the Hospital, members of its Medical Staff, and other independent professionals are called an Organized Healthcare Arrangement. We may disclose information about you to healthcare providers participating in our Organized Healthcare Arrangements, such as a managed care or physician-hospital organization. Such disclosures would be made in connection with our services, your treatment under a health plan arrangement, and other activities of the Organized Healthcare Arrangement.
Independent Medical Professionals
The Hospital may share your medical information with members of the Hospital Medical Staff and other independent medical professionals in order to provide treatment and perform other activities such as peer review, quality improvement, medical education, and other services for the Hospital. While those professionals may follow this Notice and otherwise participate in the privacy program of the Hospital, they are independent professionals and the Hospital and those independent professionals each expressly disclaim any responsibility or liability for their acts or omissions of the other with regard to violations of your privacy rights as described in this notice.
Health Services, Treatment Alternatives, and Health-Related Benefits
We may use and disclose your medical information to tell you about (i) health-related products or services that we offer, (ii) other providers participating in a healthcare network that we participate in, (iii) possible treatment options or alternatives, or (iv) health-related benefits or services that may be of interest to you. We also may use that information to communicate with you to coordinate your care. We may use and disclose your medical information to contact and remind you of an appointment for treatment or medical care.
We may use your medical information to raise money for the Hospital. We may disclose information such as your name, address, telephone number, gender, age, and the dates you received treatment at the Hospital to a Hospital foundation so it can contact you. If you do not want the Hospital to contact you for fundraising or you want to opt-out of current fundraising communications, please notify the Contact Person listed below in writing.
We may include certain information about you in the Hospital Directory while you are a patient in the Hospital. This information may include your name, your room number, your general condition (fair, stable, etc.) and your religious affiliation. Your religious affiliation may be given to a member of the clergy, such as a priest or rabbi, even if they don’t ask for you by name. Disclosure of your room will not reveal that you are in a specific unit or area of the Hospital, if such information would reveal that you are at the Hospital for treatment of rape or attempted rape, HIV/AIDS, or alcohol/drug abuse. Directory information, except for your religious affiliation, may be released to people who ask for you by name. This is so your family, friends, and clergy can visit you in the Hospital and generally know how you are doing. If you do not want this information given out, please tell the Patient Access Employee (i.e., Registration Clerk, Financial Counselor, Admitting Representative, ECC patient Representative).
Individuals Involved in Your Care or Payment for Your Care
We may release your medical information to the person you named in your Durable Power of Attorney for Health Care (if you have one), or to a friend or family member who is your personal representative (i.e., empowered under state or other law to make health-related decisions for you). We may give information to someone who helps pay for your care. In addition, we may disclose your medical information to an entity assisting in disaster relief efforts so that your family can be notified about your condition. We may disclose information to pharmaceutical companies and/or their agents to confirm your eligibility and support applications for manufacturer-sponsored drug assistance programs.
We may use or disclose your medical information electronically with other hospitals, doctors, and/or medical persons or facilities involved in your treatment. You must authorize Grady to provide your electronic medical records to your provider through CareEverywhere. You have the right to decline to participate in CareEverywhere. You will receive treatment even if you do not wish to participate in CareEverywhere. We will not share your information through CareEverywhere without your permission.
We may use and disclose your medical information for research purposes. Most research projects, however, are subject to a special approval process. Most research projects require your permission if a researcher will be involved in your care or will have access to your name, address, or other information that identifies you. However, the law allows some research to be done using your medical information without requiring your authorization.
As Required By Law
We will disclose your medical information when federal, state, or local law requires it. For example, the Hospital must comply with child abuse reporting laws and laws requiring us to report certain diseases or injuries to state or federal agencies.
Serious Threat to Health or Safety
We may use and disclose your medical information when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.
Organ and Tissue Donation
If you are an organ donor, we may release your medical information to organizations that handle organ procurement or organ, eye, or tissue transplantation or to an organ donation bank, as necessary to aid in its organ or tissue donation and transplantation process.
Military and Veterans
If you are a member of the U.S. or foreign armed forces, we may release your medical information as required by military command authorities.
We may release medical information about you for workers’ compensation or similar programs. These programs provide benefits for work-related injuries or illnesses.
If you are a minor (under 18 years old), the Hospital will comply with Georgia law regarding minors. We may release certain types of your medical information to your parent or guardian if such release is required or permitted by law.
Public Health Risks
We may disclose your medical information for public health purposes:
- To prevent or control disease, injury, or disability,
- To report births and deaths,
- To report child or adult abuse, neglect or violence,
- To report reactions to medications or problems with products,
- To notify people of recalls of products they may be using
- To notify a person who may have been exposed to a disease or may be at risk for getting or spreading a disease or condition.
Health Oversight Activities
We may disclose your medical information to a federal or state agency for health oversight activities such as audits, investigations, inspections, and licensure of the Hospital and of the providers who treated you at the Hospital. These activities are necessary for the government to monitor the healthcare system, government programs, and compliance with laws.
Lawsuits and Disputes
We may disclose your medical information to respond to a court or administrative order or a search warrant. We also may disclose your medical information in response to a subpoena, discovery request, or other lawful process by someone else involved in a dispute, but only if efforts have been made to tell you about the request and you have been provided an opportunity to object or to obtain an appropriate court order protecting the information requested.
Subject to certain conditions, we may disclose your medical information for a law enforcement purposes upon the request of a law enforcement official.
Medical Examiners and Funeral Directors
We may disclose your medical information to a medical examiner or funeral director so they may carry out their duties.
We may disclose your medical information to authorized federal officials for national security activities authorized by law.
We may disclose your medical information to authorized federal officials so they may provide protection to the President and other persons.
If you are an inmate of a correctional institution or under the custody of a law enforcement officer, we may release your medical information to the correctional institution or a law enforcement officer. This release would be necessary for the Hospital to provide you with health care, to protect your health and safety or the health and safety of others, or for the safety and security of the law enforcement officer or the correctional institution.
Other uses of Medical Information
Other uses and disclosures of your medical information not covered by this Notice or the laws and regulations that apply to Grady Health System will be made only with your written permission. If you give us permission to use or disclose medical information about you, you may revoke that permission, in writing, at any time. If you revoke your permission, we will no longer use or disclose your medical information for the reasons covered by your written authorization, but the revocation will not affect actions we have taken in reliance on your permission. You understand that we are unable to take back any disclosures we have already made with your permission, we still must continue to comply with laws that require certain disclosures, and we are required to retain our records of the care that we provided to you.
Your Privacy Rights
Right to Review and Right to Request a Copy
You have the right to review and copy medical information in your medical and billing records. The Health Information Management Department, sometimes called the Medical Records Department has a form you can fill out to request to review or copy your medical information, and will tell you how much it will cost to provide your medical information. You have the right to request that your electronic health records be given to you in electronic form or be transmitted in electronic form directly to a third party. We will tell you if we cannot fulfill your request. If you are denied the right to see or copy your medical information, you may ask us to reconsider our decision. Depending on the reason for the decision, we may ask a licensed healthcare professional to review your request and its denial. We will comply with this person’s decision.
Right to Amend
If you feel your medical information in our records is incorrect or incomplete, you may ask us in writing to amend the information. You must provide a reason to support your requested amendment. We will tell you if we cannot fulfill your request. The Contact Person listed below can help you with your request.
Right to an Accounting of Disclosures
You have the right to make a written request for a list of certain disclosures the Hospital has made of your medical information. This list is not required to include all disclosures we make. Disclosure for treatment, payment, or Hospital administrative purposes, disclosures made before April 14, 2003, disclosures made to you or which you authorized, and other disclosures may not be required to be listed. You have the right to request an accounting of disclosures made through an electronic health record to carry out treatment, payment, and health care operations, for the preceding three (3) year period. The Contact Person listed below can help you with this process, if needed, and can tell you how much it will cost.
Right to Request Restrictions on Disclosures
You have the right to make a written request to restrict or put a limitation on the medical information we use or disclose about you for treatment, payment or health-care operations. You also have the right to request a limit on your medical information that we disclose to someone involved in your care or the payment for your care, like a family member or friend. We are not required to agree to your request. However, if we do agree, we will comply with your request unless the information is needed to provide you with emergency treatment or to make a disclosure that is required under law. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure or both; and (3) to whom you want the limits to apply, for example, disclosures to your adult children. If you pay in full for your services out-of-pocket, you can request that information regarding those services not be disclosed to third-party payors.
Right to Request Confidential Communications
You have the right to make a written request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we contact you only at work or by mail. We will not ask you the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted. The Contact Person listed below can help you with these requests if needed.
Right to a Paper Copy of This Notice
You have the right to receive a paper copy of this Notice at any time even if you have agreed to receive this Notice electronically. You may obtain a copy of this Notice at our website, www.gradyhealth.org or a paper copy from the Contact Person listed below.
Changes to this Notice
We reserve the right to change this Notice. We reserve the right to make the revised or changed Notice effective for medical information we already have about you as well as for any information we receive in the future. We will post the current Notice in the Hospital.
We are required, in certain instances, to notify patients whose medical information has been breached. In the event we determine notification is required, notification will occur by first class mail within 60 days of the discovery of the breach or as otherwise required by law.
How to File a Complaint
If you believe your privacy rights have been violated, you may file a written complaint with the Hospital or with the Secretary of the Department of Health and Human Services or HHS. Generally, a complaint must be filed with HHS within 180 days after the act or omission occurred, or within 180 days of when you knew or should have known of the action or omission.
To file a privacy complaint with Grady Health System, contact the Grady Health System Corporate Compliance Office at telephone number (404) 616-2118 or email [email protected]. You will not be denied care or discriminated against by the Hospital for filing a complaint.
We understand, acknowledge, and respect any individual’s right to privacy and the concerns one may have in regard to privacy and security. We recognize the importance of protecting the privacy of information provided by our patients, as well as, general users of our website.
The Grady Health System Notice of Privacy Practices is a separate document that governs how medical information about you may be used and disclosed by Grady Health System.
IF THIS IS A MEDICAL EMERGENCY, PLEASE IMMEDIATELY CALL EMERGENCY PERSONNEL (911) TO GET PROMPT MEDICAL ATTENTION. DO NOT RELY ON ELECTRONIC COMMUNICATIONS OR THIS WEBSITE FOR ASSISTANCE IN REGARD TO YOUR IMMEDIATE, URGENT MEDICAL NEEDS. THIS WEBSITE IS NOT DESIGNED TO FACILITATE MEDICAL EMERGENCIES. GRADY HEALTH SYSTEM CANNOT GUARANTEE RESPONSE TIMES IF YOU CHOOSE TO USE THIS WEBSITE IN THE EVENT OF A MEDICAL EMERGENCY.
A visitor can access and browse our entire site at any time without providing any personal information. We do not collect information that would personally identify you unless you choose to provide it.
In addition, Grady Health System does not share any personally identifiable information of any individual with any third party unrelated to Grady Health System, except in situations where we must provide information for legal purposes or investigations, or if so directed by the patient through a proper authorization.
Our website contains forms through which users may request information or supply feedback to us. In some cases, telephone numbers, e-mail addresses or return addresses are required so that we can supply requested information to you, and in other cases, correct names and addresses are required to process credit card payments.
After you fill out a form, we may contact you with follow-up information (unless you have checked an “opt-out” box on the form). We do not provide any information supplied on our web forms to any outside organization for any reason (other than where we may be required to by law, or as necessary to process credit card information). We do not save this personal information for any other reason.
Occasionally, we may survey visitors to our site. The information from these surveys is used in aggregate form to help us understand the needs of our visitors so that we can improve our site. We generally do not ask for information in surveys that would personally identify you. If we do request contact information for follow-up, you may decline to provide it. If survey respondents provide personal information (such as an e-mail address) in a survey, it is shared only with those people who need to see it to respond to the question or request.
“Phishing” is a scam designed to steal your personal information. If you receive an e-mail that looks like it is from Grady Health System asking you for your personal information, do not respond. We will never request your password, user name, credit card information or other personal information through e-mail.
User Name and Password
In the event you access any Service requiring a User Name and Password, you are solely responsible for keeping such User Name and Password strictly confidential.
Grady Health System collects non-personal information such as website usage, traffic patterns, site performance and related statistics based on our tracking of your visits to the website.
The Web server automatically collects the IP (which stands for Internet Protocol) address of the computers that access our site. An IP address is a number that is assigned to your computer when you access the Internet. It is not truly personally identifiable information because many different individuals can access the Internet via the same computer. We use this information in aggregate form to understand how our site is being used and how we can better serve visitors.
Please note that although such information is not personally identifiable, we can determine from an IP address a visitor’s Internet Service Provider and the geographic location of his or her point of connectivity.
First Party Cookies
We collect information about visitors to our site using “first-party cookies”, which are alphanumeric identifiers that we transfer to your computer’s hard drive through your web browser. Cookies are never associated with specific personal identities. First-party cookies are distinct from third-party cookies that they are created and directly served by the company hosting the website.
We use two types of “cookies” on this site:
- We use persistent cookies to recognize a repeat visitor, enabling us the opportunity to offer the visitor a set of services or information requested in a previous visit.
- We use session cookies to track a visitor’s path through our site during a visit, to help us understand how people use our site.
You can delete our cookies at any time. The “help” section, located on the toolbar of most browsers, will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie or how to disable cookies altogether. Since cookies allow you to take full advantage of some of our website’s best features, we recommend that you leave them turned on.
Security of your Information
Please note that our forms are encrypted to protect your privacy. Once the information is sent to our site, it is kept in secure databases where it is not available to users on the Internet. While we sometimes ask for credit card numbers or certain service transactions, and either pass them on to a credit card processing service or process them manually, we do not store credit card numbers online.
Grady Health System periodically reviews and modifies, where appropriate, its security policies and procedures. We use reasonable care to protect your personally identifiable and confidential information provided by you to our site. Grady Health System has in place a security program that seeks to mitigate this risk substantially.
Disclaimer of Warranty
MATERIALS, SERVICES AND OTHER INFORMATION ARE PROVIDED “AS IS” BY GRADY HEALTH SYSTEM
FOR EDUCATIONAL PURPOSES ONLY. GRADY HEALTH SYSTEM MAKES NO EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR USE, TITLE OR NON INFRINGEMENT.
PLEASE NOTE THAT, BY ITS VERY NATURE, A WEBSITE CANNOT BE ABSOLUTELY PROTECTED AGAINST INTENTIONAL OR MALICIOUS INTRUSION ATTEMPTS. FURTHERMORE, GRADY HEALTH SYSTEM DOES NOT CONTROL THE DEVICES OR COMPUTERS OR THE INTERNET OVER WHICH YOU MAY CHOOSE TO SEND CONFIDENTIAL PERSONAL INFORMATION AND CANNOT, THEREFORE, PREVENT SUCH INTERCEPTIONS OF COMPROMISES TO YOUR INFORMATION WHILE IN TRANSIT TO GRADY HEALTH SYSTEM.
THEREFORE, GRADY HEALTH SYSTEM HEREBY MAKES NO GUARANTEE AS TO SECURITY, INTEGRITY OR CONFIDENTIALITY OF ANY INFORMATION TRANSMITTED TO OR FROM THIS WEBSITE, OR STORED WITHIN THIS WEBSITE.
BEYOND OUR REASONABLE CARE TO SAFEGUARD YOUR INFORMATION WHILE IN TRANSIT, GRADY HEALTH SYSTEM CANNOT AND DOES NOT GUARANTEE THE ABSOLUTE SECURITY OF ELECTRONIC COMMUNICATIONS OR TRANSMISSIONS SINCE ANY TRANSMISSION MADE OVER THE INTERNET BY ANY ORGANIZATION OR ANY INDIVIDUAL RUNS THE RISK OF INTERCEPTION.
IN ADDITION, WE HEREBY MAKE NO GUARANTEE AS TO SECURITY, INTEGRITY OR CONFIDENTIALITY OF ANY INFORMATION TRANSMITTED TO OR FROM THIS WEBSITE, OR STORED WITHIN THIS WEBSITE.
Limitation of Liability
YOU ASSUME THE SOLE RISK OF TRANSMITTING YOUR INFORMATION AS IT RELATES TO THE USE OF THIS WEBSITE, AND FOR ANY DATA CORRUPTIONS, INTENTIONAL INTERCEPTIONS, INTRUSIONS OR UNAUTHORIZED ACCESS TO INFORMATION, OR OF ANY DELAYS, INTERRUPTIONS TO OR FAILURES PREVENTING THE USE THIS WEBSITE.
Other services provided by Grady Health System on this website may require you to agree to additional terms.
BY USING THIS WEBSITE, YOU ACCEPT THESE TERMS.