Privacy
Protecting Your Privacy and Security
Protecting the privacy and security of our patients' protected health information is part of our goal to provide the best outcome for every patient every time. Across the United States, the privacy and security of patients' health information is protected by a federal law and regulations (commonly referred to as HIPAA) that establish minimum standards for maintaining the privacy and security of patient information.
In addition, other federal laws such as 42 CFR Part 2 which governs the confidentiality of substance use disorder information, as well as state law, may provide added protections for certain types of health information.
At UnityPoint Health, we have a compliance program that includes policies implementing patient privacy and security requirements mandated under all applicable federal and state law. We provide training to our team members on the importance of complying with these policies and regularly conduct audits to confirm the effectiveness of our privacy and security compliance policies.
Our Notice of Privacy Practices describes how your medical information may be used and disclosed and how you can get access to it.
Notice of Privacy Practices - English
Contact a Privacy Officer
If you have questions regarding our privacy and security program, or the use of your information, please contact the privacy officer for the facility where you received treatment.
| Region | Phone | |
|---|---|---|
| Central Iowa (Des Moines, Grinnell) | UPH_CentralIAPrivacyOfficer@unitypoint.org | (515) 241-8199 |
| Eastern Iowa (Anamosa, Cedar Rapids, Dubuque, Marshalltown, Waterloo) | UPH_EasternIAPrivacyOfficer@unitypoint.org | (319) 235-3920 |
| Western Iowa (Fort Dodge, Sioux City) | UPH_WesternIAPrivacyOfficer@unitypoint.org | (515) 574-6675 |
| Illinois (Quad Cities) | UPH_ILPrivacyOfficer@unitypoint.org | (608) 417-5834 |
| Wisconsin (Madison) | UPH_WIPrivacyOfficer@unitypoint.org | (608) 417-5834 |
| UnityPoint Clinic | UPH_UPCPrivacyOfficer@unitypoint.org | (515) 440-5200 |
| UnityPoint at Home | UPAH_PrivacyOfficer@unitypoint.org | (515) 557-3214 |
| UnityPoint Health | UPH_PrivacyOfficers@unitypoint.org | (515) 241-4652 |
Frequently Asked Questions Regarding our Notice of Privacy Practices
- For purposes of complying with federal privacy and security requirements, some UnityPoint Health Affiliates, including hospitals, clinics, and other health care providers, have designated themselves as an affiliated covered entity (“ACE”). This means that these Affiliates act together as one organization for purposes of HIPAA. These locations may change from time to time. A full list of the current locations covered under the Notice of Privacy Practices can be found in Addendum B to the Notice of Privacy Practices.
- In addition, UnityPoint Health Affiliates participate in one or more organized health care arrangements (“OHCA(s)”). Your health information may be shared between OHCA participants for purposes related to their operating together as a health system, including the provision of treatment, for payment purposes, and for a broad scope of healthcare operations, which may include joint utilization review, credentialing, education, risk management, patient safety, quality assessment and improvement activities. These arrangements may change from time to time. A full list of the current OHCAs covered under the Notice of Privacy Practices can be found in Addendum C to the Notice of Privacy Practices.
This notice covers health information at UnityPoint Health that may be written (such as a hard copy medical record file), spoken (such as physicians discussing treatment options) or electronic (such as billing records kept on a computer).
We may use or disclose (share) identifiable health information, for the following purposes or to the following entities:
- Treatment, payment, and healthcare operations
- Certain fundraising activities
- Facility directory
- Family, friends, or others involved in your care or payment for care
- As required by law
- Public health activities
- Abuse neglect or domestic violence
- Health oversight activities
- Legal proceedings
- Law enforcement
- Coroners, medical examiners and funeral directors
- Organ donation
- Research
- Threats to health or safety
- Specialized government functions
- Workers compensation
- Incidental uses and disclosures
- Business Associates
- Health Information Exchanges (HIE)
We participate in HIEs, which let us share your health information with other providers for treatment purposes. The HIEs that UnityPoint Health participates in may change from time to time. Below is a full list of HIEs that UnityPoint Health currently participates in:
- Epic’s Care Everywhere program
- Trusted Exchange Framework and Common Agreement (TEFCA) though Epic’s Qualified Health Information Network (QHIN) (also known as Epic Nexus)
- Iowa Health Information Network (IHIN)
- Wisconsin Statewide Health Information Network (WISHIN)
If we need to use or disclose your health information for other purposes not described in our Notice of Privacy Practices, then UnityPoint Health must ask for your written authorization.
In many circumstances, you may have the right to object before we do the following:
- Share your information with family members, friends or others involved in your care
- List your name, room number and condition in a directory available to hospital visitors, as well as list your religion in a directory available to clergy members.
You have the following rights with respect to your health information:
- The right to inspect and request your health information we maintain
- The right to request restrictions on certain uses of your health information
- The right to request an amendment of your health information
- The right to an accounting of certain disclosures of your health information
- The right to receive notice of a breach of your unsecured health information
- The right to receive confidential communications and request different methods of communication
If HIPAA and another federal or state law conflict, we follow the law that is most protective of you in the state where you receive care, which may be reflected in Addenda. State specific Addenda’s to the Notice of Privacy Practices can be found here:
The Part 2 Programs may change from time to time. Below is a full list of our current Part 2 Programs:
- St. Luke’s Chemical Dependency Services (part of St. Luke’s Methodist Hospital)
- Abbe Center for Community Mental Health, Inc.
- Powell Chemical Dependency Program (part of Iowa Lutheran Hospital)
- Eyerly Ball
- North Central Iowa Mental Health Center dba Berryhill Center
- Center for Alcohol & Drug Services, Inc. (CADS)
- Trinity Medical Center dba Riverside Drug and Alcohol Services
- Robert Young Center for Community Mental Health
- Allen Recovery Center (part of Allen Hospital)
- Black Hawk Grundy Mental Health Center
- NewStart (part of Meriter Hospital, Inc.)