Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

This notice applies to the following Mayo entities and health care practices sites (collectively referred to as "Mayo Clinic"):

Minnesota: Mayo Clinic Rochester, Mayo Clinic Hospital — Saint Marys Campus, Mayo Clinic Hospital — Methodist Campus, Mayo Psychiatry and Psychology Treatment Center (Generose), Mayo Foundation for Medical Education and Research, Mayo Clinic Hospice, Charter House, Mayo Clinic Pharmacy, Mayo Clinic Store, the Mayo Family Practice Clinic Kasson and the Mayo Family Clinic Northwest and Northeast (collectively referred to as "Mayo Minnesota Entities").

Florida: Mayo Clinic Jacksonville and its health care practice sites including, but not limited to, its affiliated hospital and the primary care practices in Jacksonville Beach and St. Augustine, and Physician and Hospital Practices, Inc. (collectively referred to as "Mayo Florida Entities")

Arizona: Mayo Clinic Arizona and its health care practice sites including, but not limited to, Mayo Clinic Building (Scottsdale Campus), Mayo Clinic Specialty Building (Phoenix Campus), Mayo Clinic Hospital (Phoenix Campus), Mayo Clinic Family Medicine — Arrowhead, Mayo Clinic Family Medicine — Thunderbird, and Mayo Clinic Women's Health Internal Medicine (collectively referred to as "Mayo Arizona Entities")

Mayo Clinic's Duties

By law, Mayo Clinic must keep protected health information private. The federal government defines protected health information as any information, whether oral, electronic or paper, which is created or received by Mayo Clinic and relates to a patient's health care or payment for the provision of medical services. This includes not only the results of tests and notes written by doctors, nurses and other clinical personnel, but also certain demographic information (such as your name, address and telephone number) that is related to your health records.

Mayo Clinic is required by law to give you this notice and to follow the terms and conditions of the notice that is currently in effect.

How Mayo Clinic Fulfills These Duties

  • Mayo Clinic considers patient privacy as part of its mission to serve the needs of the patient first.
  • Mayo Clinic takes necessary precautions against inappropriate use or disclosure of medical information.
  • Mayo Clinic employees are expected to access medical information only as necessary to perform their jobs.
  • Mayo Clinic employees who violate these rules and policies are subject to sanctions, including discipline and termination.

The Health Care Providers Covered By This Notice

This notice covers Mayo Clinic and Mayo Clinic personnel, volunteers, students, and trainees. The notice also covers other health care providers that come to Mayo Clinic's facilities to care for patients (such as physicians, physician assistants, therapists, and other health care providers not employed by Mayo Clinic), unless these other health care providers give you their own notice of privacy practices that describes how they will protect your medical information. Mayo Clinic may share your medical information with these other health care providers for their treatment, payment and health care operations. This arrangement is only for sharing information and not for any other purpose.

A Word about Federal and State Law

Federal and state laws require Mayo Clinic to protect your medical information and federal law requires Mayo Clinic to describe to you how we handle that information. When federal and state privacy laws differ, and the state law is more protective of your information or provides you with greater access to your information, then state law will override federal law. For example, where we have specifically identified additional applicable state law requirements in this notice, the referenced Mayo entities will follow the more stringent state law requirements.

Part I - Most Common Uses and Disclosures

This section describes the most common circumstances in which Mayo Clinic may use or disclose protected health information.

Treatment

Mayo Clinic will use and disclose protected health information to provide, coordinate or manage your care. This includes communication and consultation between health care providers - doctors, nurses, technicians and other members of your medical team. This applies to disclosures for treatment purposes to health care providers both within and outside of Mayo Clinic. For example, following orthopedic surgery, your doctor may refer you for rehabilitation. Information will be shared between caregivers to ensure continuity of care.

Additional Applicable State Law Requirements

Minnesota law generally requires patient consent for disclosures of protected health information by Mayo Minnesota Entities for treatment purposes, unless the disclosure is to a Mayo-related entity or consent is not possible due to a medical emergency.

Payment

Mayo Clinic will use and disclose protected health information to create bills and collect payment from insurance companies, Medicare and other payers. This may include providing information such as dates of service, symptoms and diagnosis to your insurance company to show that Mayo Clinic provided medical services to you. Mayo Clinic also may disclose protected health information to another health care provider if such information is needed by the other health care provider to obtain payment for medical services provided to you.

Additional Applicable State Law Requirements

Minnesota law generally requires patient consent for disclosures of protected health information by Mayo Minnesota Entities for payment purposes, unless the disclosure is to a Mayo-related entity.

Florida law generally requires patient consent for disclosures of protected health information by Mayo Florida Entities for payment purposes.

Health Care Operations

Mayo Clinic will use and disclose protected health information if it is necessary to improve the quality of care we provide to patients or to run our health care facilities. These include activities to monitor and improve patient care, license staff to care for patients, prepare for state and federal regulatory reviews, train health care and non-health care professionals, manage health care operations and improve health care services. Here are some examples:

  • To reduce the infection rate after a surgery, it would be necessary to look at medical records to determine the rate of infections that occurred.
  • To be licensed to do a certain procedure, a doctor may be required to show that he or she has successfully completed a number of procedures under the supervision of another physician.
  • A Federal Drug Administration inspector may review patient records in a laboratory to ensure that accurate and complete records are maintained for patient safety.

Mayo facilities across the country, including but not limited to Mayo Clinic Rochester, Mayo Clinic Jacksonville and Mayo Clinic Arizona, and the Mayo Health System clinics and hospitals in Iowa, Minnesota and Wisconsin, also work closely together to improve health care operations across the Mayo system, and we may use protected health information for those activities.

Mayo Clinic also may disclose protected health information to another health care provider who has treated you, or to your insurance company, if such information is needed for certain health care operations of the health care provider or insurance company, such as quality improvement activities, evaluations of health care professionals, and state and federal regulatory reviews.

Additional Applicable State Law Requirements

Minnesota law generally requires patient consent for disclosures of protected health information by Mayo Minnesota Entities for health care operations purposes, unless the disclosure is to a Mayo-related entity.

Florida law generally requires patient consent for disclosures of protected health information by Mayo Florida Entities for health care operations purposes.

Patient Contacts

At times, Mayo Clinic may access information, such as your name, address and general medical condition to contact you to:

  • set up or remind you about future appointments;
  • provide information about treatment alternatives or other information that may be of interest to you; or
  • disclose health-related benefits or services that may be of interest to you.

Additional Applicable State Law Requirements

Florida law generally requires patient consent for Mayo Florida Entities to contact their patients for purposes of providing information regarding treatment alternatives, services or goods.

Philanthropy

Mayo Clinic may contact you to raise funds to sustain the Mayo mission. For example, you may receive letters or other publications asking you to consider making a tax-deductible contribution to Mayo. When conducting fundraising activities, Mayo Clinic may access only your basic demographic information (such as name and contact information) and the dates that you were treated at Mayo Clinic. Mayo Clinic does not sell or rent patients' names or addresses to any organization outside of Mayo.

Facility Directory/Patient Census

Mayo Clinic may include your name, location in a facility, health condition (in general terms, such as "good," "fair") and religious affiliation (should you choose to provide one) in current patient lists for our facilities. This information is maintained for Mayo Clinic personnel to assist family members and other visitors or persons in locating you while you are in Mayo Clinic's facilities. For example, a relative may wish to visit you in the hospital and would need to know your hospital room number. A family member meeting you for an appointment may have forgotten which floor your appointment is on. This information is only shared with people who ask for you by name or with members of the clergy. If you indicate a religious affiliation, it will be shared only with members of the clergy. You can choose not to have such information released from the facility directory/patient census. If you do not want Mayo Clinic to release such information, please inform the person assisting you during registration and/or admission.

Family Members and Others Involved in Your Care

Mayo Clinic may disclose relevant protected health information to a family member or friend who is involved with your care. We find that many patients want us to discuss their care with their family members and others to keep them up-to-date on your care, to help you understand your care, to help in handling your bills, or to help in the scheduling of your appointments. In a disaster situation, we also may disclose relevant protected health information to disaster relief organizations to help locate your family members or friends or to inform them of your location, condition or death. If family members or friends are present while care is being provided, Mayo Clinic will assume your companions may hear the discussion, unless you state otherwise. If you do not want Mayo Clinic to disclose your protected health information to your family members or others who are involved with your care or handling your bills, please inform the person assisting you during registration and/or admission.

Medical Research

Medical research is vital to the advancement of medical science. Federal regulations permit use of protected health information in medical research, either with your authorization or when the research study at Mayo Clinic is reviewed and approved by an Institutional Review Board before any medical research study begins. In some situations, limited information may be used before approval of the research study to allow a researcher to determine whether enough patients exist to make a study scientifically valid.

Additional Applicable State Law Requirements

Minnesota law generally requires patient consent for disclosures of protected health information by Mayo Minnesota Entities to outside researchers for medical research purposes. Mayo Minnesota Entities will obtain such consent from their patients or refusal to participate in any research study, or will make a good faith effort to obtain such consent or refusal, before releasing any identifiable information to an outside researcher for research purposes.

Part II - Other Potential Uses and Disclosures

This section describes the less common circumstances in which Mayo Clinic may use or disclose protected health information.

To Avert a Serious Threat of Harm

Mayo Clinic may use and disclose protected health information to alert those able to prevent or lessen a serious and immediate threat to the health or safety of a patient, another person or the public.

Organ and Tissue Donation

If Mayo Clinic professionals determine that a patient might be a candidate for organ or tissue donation, Mayo Clinic may release protected health information to organizations that handle organ procurement, or organ, eye, tissue donation banks, or other health care organizations as needed to make organ or tissue donation and transplantation possible.

Military Personnel

If a patient is a member of the United States Armed Forces, Mayo Clinic may release protected health information as required by military authorities. Mayo Clinic also may release protected health information about foreign military personnel to the appropriate foreign military authority. When the military organization is sponsoring the medical evaluation, the patient's medical information is shared with both the patient and the sponsoring organization. Patients being evaluated on behalf of the military should be aware of these arrangements.

Additional Applicable State Law Requirements

Minnesota law generally requires patient consent for disclosures of protected health information by Mayo Minnesota Entities for the military purposes referenced above, unless the disclosure is specifically required by federal law.

Workers' Compensation

Mayo Clinic may disclose protected health information for workers' compensation or similar programs as authorized or required by law. These programs provide benefits for work-related injuries or illness.

Public Health Purposes

Mayo Clinic may disclose protected health information for public health purposes. The following are some examples of releases that are allowed for public health purposes:

  • to report vital statistics (e.g., births, deaths);
  • to report to the federal government adverse reactions to medication or safety problems with FDA-regulated products;
  • to notify people of product recalls; and
  • to report communicable diseases to local, county, state, and federal health officials.

Health Oversight Activities

Mayo Clinic may disclose protected health information to health oversight agencies that oversee our operations or personnel. For example, Mayo Clinic may need to disclose protected health information to the state agencies that oversee our health care facilities or licensed health care personnel (e.g., Department of Health, Medical Board, Nursing Board), or the federal agencies that oversee Medicare. These agencies need such information to monitor our compliance with state and federal laws.

Lawsuits and Other Judicial Proceedings

Mayo Clinic may disclose protected health information in response to a valid court or administrative order. Mayo Clinic also may disclose protected health information in response to certain types of subpoenas, discovery requests or other lawful process.

Law Enforcement Activities

Mayo Clinic may disclose protected health information to law enforcement officials. For example, we may release protected health information to law enforcement officials:

  • in response to a valid court order, grand jury subpoena, or search warrant;
  • to identify a suspect, fugitive or missing person;
  • about the victim of a crime under certain limited circumstances;
  • about a death believed to be a result of criminal conduct; or
  • about a crime committed on Mayo Clinic premises.

Additional Applicable State Law Requirements

Minnesota law generally requires patient consent for disclosures of protected health information by Mayo Minnesota Entities for law enforcement purposes, unless the disclosure is in response to a valid court order or warrant.

Coroners, Medical Examiners and Funeral Directors

Mayo Clinic may release protected health information to a coroner or medical examiner when necessary to identify the deceased, determine the cause of death or as otherwise authorized by law. Mayo Clinic also may release protected health information to a funeral director as necessary to carry out the funeral director's duties, including arrangements after death.

Additional Applicable State Law Requirements

Minnesota law generally requires the consent of a patient's authorized family or legal representative for disclosures of protected health information by Mayo Minnesota Entities to funeral directors.

National Security Activities

Mayo Clinic may release protected health information to authorized federal officials for intelligence, counterintelligence or other national security activities authorized by law. Mayo Clinic also may disclose protected health information to authorized federal officials so they may provide protection to the President or other authorized individuals.

Additional Applicable State Law Requirements

Minnesota law generally requires patient consent for disclosures of protected health information by Mayo Minnesota Entities for national security purposes, unless the disclosure is specifically required by federal law.

Florida law generally requires patient consent for disclosures of protected health information by Mayo Florida Entities for national security purposes, unless the disclosure is specifically required by federal law.

Required by Law

Mayo Clinic will use or disclose protected health information when required by federal, state, or local laws. For example, Mayo Clinic is required to report certain gunshot wounds and other injuries that may have resulted from an unlawful act, and abuse or neglect of a child or vulnerable adult.

Information with Additional Protections

Certain types of protected health information may have additional protection under federal or state law. For example, protected health information about HIV/AIDS and genetic testing results is treated differently than other types of protected health information under certain state laws. Additionally, federally assisted alcohol and drug abuse programs are subject to certain special restrictions on the use and disclosure of alcohol and drug abuse treatment information. To the extent applicable, Mayo Clinic would need to get your written permission before disclosing that information to others in many circumstances.

Uses and Disclosures Pursuant to an Authorization

Except as described in this notice or specifically required or permitted by law, Mayo Clinic will not use or disclose your protected health information without your specific written authorization. At times, a Mayo Clinic entity may ask you to provide specific written permission to allow the Mayo Clinic entity to use or disclose medical information about you. A valid authorization may be revoked in writing at any time. Written revocation of authorization must be submitted to the applicable Mayo Clinic entity and addressed to the attention of the Office of Patient Affairs for Mayo Minnesota Entities, the Privacy Officer for Mayo Florida Entities, or the Medical Records Department for Mayo Arizona Entities. Once authorization is revoked, the Mayo Clinic entity will no longer be allowed to use or disclose protected health information for the purposes described in the authorization except to the extent the Mayo Clinic entity has already taken action based upon the authorization.

Part III - Patients' Rights with Respect to Protected Health Information

This section describes the rights of Mayo Clinic patients to protected health information.

Right to Inspect and Copy

You have the right to inspect and to request a copy of information maintained in Mayo Clinic's designated medical record about you. This includes medical and billing records maintained and used by Mayo Clinic to make decisions about your care.

To obtain or inspect a copy of your medical information, submit a written request to the applicable Mayo Clinic entity and address the request to the attention of the Office of Patient Affairs for Mayo Minnesota Entities, the Medical Records Department for Mayo Florida Entities, or the Medical Records Department for Mayo Arizona Entities. Mayo Clinic generally may charge a reasonable, cost-based fee to cover the expense of providing copies. Mayo Arizona Entities are not permitted under Arizona law to charge a fee if the information is needed for treatment purposes.

Most patients have full access to inspect and receive a copy of the full medical record. On rare occasions, Mayo Clinic may deny a request to inspect and receive a copy of some information in the medical record. For example, this may occur if, in the professional judgment of a patient's physician, the release of the information would be reasonably likely to endanger the life or physical safety of the patient or another person.

Right to Request Alternate Methods of Communication

You have a right to request that Mayo Clinic communicate with you in certain ways (such as a letter or by phone) or at a certain location. For example, you may ask that we contact you only at home or only at your place of business. In this situation, you may submit a written request to the applicable Mayo Clinic entity specifying the communication method or alternative location being requested. The request should be addressed to the attention of the Office of Patient Affairs for Mayo Minnesota Entities, the Privacy Officer for Mayo Florida Entities, or the Medical Records Department for Mayo Arizona Entities. Mayo Clinic will accommodate reasonable requests. However, if the request could result in Mayo Clinic not being able to collect for services, Mayo Clinic reserves the right to require you to provide additional information about how payment for services will be handled.

Right to Request Amendment

You have the right to request that your protected health information in Mayo Clinic's designated medical record for you be amended. If you wish to request amendment of the information in your record, submit a written request to the applicable Mayo Clinic entity and address the request to the attention of the Office of Patient Affairs for Mayo Minnesota Entities, the Privacy Officer for Mayo Florida Entities, or the Medical Records Department for Mayo Arizona Entities. The request must include a reason to support the amendment. Mayo Clinic may deny a request for amendment based upon any of the following circumstances:

  • the request is not in writing or does not include a supporting reason;
  • the information you want to change was not created by Mayo Clinic, and the originator of the information is available to make the amendment;
  • the information is not part of the designated medical record; or
  • the information in the record is accurate and complete.

If Mayo Clinic denies your request for an amendment, Mayo Clinic will give you a written explanation of the denial. If you still disagree with the explanation provided, you can submit your written disagreement to Mayo as referenced above, or you can ask that your request for amendment and explanation of the denial be included in any future disclosure of the pertinent protected health information. If you submit a statement of disagreement, Mayo Clinic may include a rebuttal statement addressing your statement of disagreement in the designated medical record.

Right to a List of Certain Disclosures

You can ask Mayo Clinic for a list of the persons or organizations to which Mayo Clinic has disclosed your protected health information. This list would provide you with a summary of certain disclosures Mayo Clinic has made that you would not otherwise be in a position to know about. The following are examples of disclosures that would not be included in the list:

  • disclosures to carry out treatment, payment and health care operations;
  • disclosures made directly to you (the patient) or disclosures that you have specifically authorized;
  • disclosures made from the facility directory/patient census;
  • disclosures to persons involved in your care;
  • disclosures incident to a use or disclosure that is otherwise permitted or required by law;
  • disclosures made for national security or intelligence purposes;
  • disclosures made to correctional institutions or law enforcement officials having custody over a patient; or
  • disclosures that took place before April 14, 2003.

To get a copy of the list, submit a written request to the applicable Mayo Clinic entity and address the request to the attention of the Office of Patient Affairs for Mayo Minnesota Entities, the Privacy Officer for Mayo Florida Entities, or the Medical Records Department for Mayo Arizona Entities. Your request must state a time period (beginning no earlier than April 14, 2003 when the federal privacy rules go into effect and for no longer than six years). The first list requested within a 12-month period shall be provided at no charge. For additional lists requested during the same 12-month period, Mayo Clinic may charge for the costs of providing the list.

Right to Request Restrictions

You can ask Mayo Clinic to restrict the use or disclosure of protected health information about you for treatment, payment or health care operations. Your request must be in writing and submitted to the applicable Mayo Clinic entity. The request should also be addressed to the attention of the Office of Patient Affairs for Mayo Minnesota Entities, the Privacy Officer for Mayo Florida Entities, or the Medical Records Department for Mayo Arizona Entities. Mayo Clinic will carefully consider all requests. However, because of the integrated nature of Mayo Clinic's medical record, Mayo Clinic is not generally able to honor most requests, nor is Mayo Clinic legally required to do so.

Complaints

If you want to file a complaint or express concerns about Mayo Clinic's use or disclosure of protected health information, please contact the applicable Mayo Clinic entity as follows:

Mayo Minnesota Entities:

Mayo Clinic Rochester
Attn: Office of Patient Affairs
200 First Street, S.W.
Rochester, Minnesota 55905
Telephone: 507-284-4988

Mayo Florida Entities:

Mayo Clinic Jacksonville
Attn: Privacy Officer
4500 San Pablo Road
Jacksonville, Florida 32224
Telephone: 904-953-2030

Mayo Arizona Entities:

Mayo Clinic Arizona
Attn: Patient Administrative Liaison Office
13400 East Shea Boulevard
Scottsdale, Arizona 85259
Telephone: 480-301-4938

You also may file a written complaint with the United States Department of Health and Human Services — Office of Civil Rights.

Mayo Clinic honors your right to express concerns regarding your privacy. Mayo Clinic would not - nor could it legally or ethically - take action against you for filing a concern or complaint regarding the use or disclosure of your health information. Mayo Clinic reserves the right, however, to take necessary and appropriate action to maintain an environment that serves the best interests of its patients and providers.

Key Information about this Notice

  • This is a revised notice for the Mayo entities and health care practice sites referenced on the first page (collectively referred to as "Mayo Clinic"). The effective date of this revised notice is December 2007.
  • Additional paper copies of this notice will be provided upon request.
  • From time to time, Mayo Clinic may change its practices concerning how we use or disclose protected health information, or how we will implement patient rights concerning their information. Mayo Clinic reserves the right to change the terms of this notice and make the new notice provisions effective for all protected health information maintained by Mayo Clinic. Mayo Clinic will follow the terms and conditions of the notice that is currently in effect.
  • When the notice is revised, it will be posted at Mayo Clinic facilities. It will also be available upon request at Mayo Clinic facilities, by mail, and via the following web sites:

    - Mayo Minnesota Entities:
    http://www.mayoclinic.org/

    - Mayo Florida Entities:
    http://www.mayoclinic.org/jacksonville/

    - Mayo Arizona Entities:
    http://www.mayoclinic.org/scottsdale/

Need More Information?

If you have any questions, or would like to discuss this in more detail, please contact the privacy officer for the applicable Mayo Clinic entity. More information is also available at the web sites for such entities.