Patient Privacy

Methodist Health System is committed to protecting your privacy and the privacy of your medical information.

NEBRASKA METHODIST HEALTH SYSTEM NOTICE OF PRIVACY PRACTICES

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Nebraska Methodist Health System (MHS) respects your privacy. We are also legally required to maintain the privacy of your protected health information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA) and other federal and state laws. As part of our commitment and legal compliance, we are providing you with this Notice of Privacy Practices (Notice). This Notice describes:

  • Our legal duties and privacy practices regarding your PHI, including our duty to notify you following a data breach of your unsecured PHI;
  • Our permitted uses and disclosures of your PHI; and
  • Your rights regarding your PHI.

We create a record of the care and health services you receive to provide your care, and to comply with certain legal requirements. This Notice applies to all the PHI that we generate and to substance use disorder records (Part 2 Records), which are discussed in further detail below, that we receive or maintain.

We and our employees and other workforce members follow the duties and privacy practices that this Notice describes and any changes once they take effect.

This Notice applies to the following organizations, which form the Nebraska Methodist Health System Affiliated Covered Entity (MHS ACE, “we,” “us”), including hospitals, clinics and other health care providers that MHS operates or oversees, as well as any health care facility or physician practice now or in the future controlled by or under common control by MHS. The following organizations are part of the MHS ACE and share similar practices regarding your PHI:

  • Nebraska Methodist Health System;
  • Nebraska Methodist Hospital and Methodist Women’s Hospital;
  • Jennie Edmundson Memorial Hospital d/b/a Methodist Jennie Edmundson
  • Physicians Clinic, Inc. d/b/a Methodist Physicians Clinic;
  • Methodist Endoscopy Center, LLC;
  • West Dodge Imaging, LLC;
  • Methodist HealthWest; and
  • Methodist Fremont Health, including its inpatient behavioral health unit (which is a Part 2 Program); and
  • Best Care EAP (including the Community Counseling Program and Employee Assistance Program)

The contact information of the MHS Privacy Officer is: MHS Privacy Officer – (402) 354-6863, compliance@nmhs.org.

The organizations listed above will share your PHI with each other, as necessary, to carry out treatment, payment and health care operations. They may also share your PHI with health information exchanges (“HIEs”), which are defined later in this Notice.

Summary of Your Rights

Although your health record belongs to the health care provider or facility that compiled it, you have certain rights regarding your PHI. To exercise any of the following rights, please contact the MHS Privacy Officer at the above number:

  • You have a right to receive this Notice that explains how your PHI may be used or disclosed;
  • You have a right to know who has received your PHI during the previous six years, and for what purpose. If you make additional requests for such an accounting during any 12-month period, we may charge you a reasonable, cost-based fee;
  • You have a right to view and receive a copy or summary of all your health records in the format you request (electronic and/or paper), except for psychotherapy notes. Your request for a copy of your record must be in writing. We may charge a reasonable, cost-based copying or labor fee for such copy;
  • You have a right to ask for correction or amendment of anything in your records that you feel is in error. We have certain rights to reject your request, and we will notify you why in writing within 60 days. You also have the right to request that a statement of disagreement be included in your record. Your request must be in writing and include supporting documentation;
  • You have a right to request that we not use or share certain PHI for treatment, payment or our health care operations. You also have the right to request that we not share PHI with your health insurer if you pay for a service or item out-of-pocket in full. However, we are not required to accommodate your request except as provided in this Notice;
  • You have the right to request confidential communications by asking us to contact you in a specific way or to send mail to a different address. We will honor all reasonable requests; and
  • You have the right to choose someone to act for you. If you give someone this right, or if someone is your legal guardian, we will confirm the person has this authority and can act for you before we take any action.

Your Choices

You have the right and choice to tell us to:

  • Share PHI with your family, friends or others involved in your care;
  • Share PHI in a disaster relief situation;
  • Not include your PHI in a hospital directory; and
  • Stop contacting you for fundraising efforts.

In the following cases, we will not share your PHI unless you give us written permission:

  • Marketing purposes. We will not use or disclose your PHI for marketing purposes, such as advertising to you, without your written authorization;
  • Sale of your PHI. We will not sell your PHI or receive payment for sharing it unless you have signed a specific written authorization allowing us to do so;
  • Psychotherapy notes. We will not use or disclose psychotherapy notes about you without your written authorization, or unless otherwise allowed elsewhere in this Notice. Psychotherapy notes are the personal notes recorded by a mental health professional (such as a psychiatrist, psychologist or therapist) documenting or analyzing the contents of a counseling session; and
  • Part 2 Records. See the section below titled, “42 CFR Part 2, Substance Use Disorder Records” for more information.

We must disclose your PHI to you, as described in this Notice. You may also give us written authorization to use your PHI or to disclose it. You may revoke your authorization at any time by contacting the MHS Privacy Officer at the number listed above, but your revocation will not affect any use or disclosure made by us in reliance on your authorization. Without your written authorization, we may not use or disclose your PHI for any reason except those described in this Notice.

Our Responsibilities

We also have certain responsibilities. These include:

  • Maintaining the privacy and security of your health record;
  • Providing you with a copy of this Notice;
  • Abiding by the terms of this Notice;
  • Notifying you if a breach occurs that may compromise your PHI; and
  • Not using or sharing your PHI other than as described in this Notice unless you tell us we can in writing. If you tell us we can, you may change your mind at any time by notifying the MHS Privacy Officer.  If you change your mind, that will not affect any use or disclosure made by us in reliance on your authorization.

We may revise this Notice as our PHI practices change. Any revision will be effective for all PHI in the record, regardless of whether it was gathered before or after the change took effect. However, before we change our practices, a copy of our new Notice will be posted at all MHS affiliates and on our website. The effective date of our Notice will always appear at the end of the Notice.

Data Breach Notification

We will promptly notify you if a data breach occurs that may have compromised the privacy or security of your PHI.  Most of the time, we will notify you in writing, by first-class mail, or we may email you if you have provided us with your current email address and you have previously agreed to receive notices electronically. In some circumstances, our business associates, which are described in more detail below, may provide the notification. In limited circumstances when we have insufficient or out-of-date contact information, we may provide notice in a legally acceptable alternative form.

Disclosures for Treatment, Payment and Health Care Operations

When state law requires us to obtain your written permission to use or disclose your PHI for treatment, payment or health care operations, we will do so. However, there are also situations where we may use or disclose your PHI for treatment, payment, and health care operations without your permission.

We may use or disclose your PHI for treatment purposes.

For example: PHI obtained by members of your health care team will be documented in your record and used to determine the course of your treatment. Health care team members may communicate with each other personally and through your health record to coordinate your care. We may provide your physician or other health care provider with copies of reports that may help determine your future treatment. We may also disclose your PHI to another health care provider for its payment purposes or its health care operations. These exchanges may be done through HIEs, which are defined below.

We may use or disclose your PHI for payment purposes.

For example: We may send your bill to you or your insurance company. Your bill may contain PHI that identifies you, as well as your diagnosis, procedures and supplies used. However, if you pay for a health care service or item out-of-pocket in full and request in writing that we do not provide PHI to your health insurer, we will comply with your request unless a law requires us to share that PHI with them.

We may use or disclose your PHI for health care operations purposes and internal business practices.

For example: Members of the medical staff, members of the quality improvement team, or the risk or quality improvement manager may use PHI in your health record to assess your care and outcomes. This PHI is used in our ongoing efforts to improve the quality and effectiveness of the health care and services we provide.

Other Disclosures That May be Made Without Your Authorization

Unless we are otherwise restricted from doing so, such as with Part 2 Records, we may also use or disclose your PHI for the following purposes without your authorization:

  • Notification: We may use or disclose PHI to notify or assist in notifying a family member, personal representative, or another person responsible for your care about your location and general condition.
  • Communication with Family: We may disclose to a family member, other relative, close friend or any other person who you have identified, PHI relevant to that person’s involvement in your care or payment related to your care.
  • Hospital Directory: Unless state or federal law otherwise restricts us, or unless you instruct us not to, we may release your location within the hospital to people who ask for you by name. In addition, unless you instruct us not to, we may release your name, location, and religious affiliation to members of the clergy.
  • Business Associates: Some services of our organization are provided through contractual arrangements with business associates. These include radiology, certain laboratory services, supplemental staffing, transcription, and data management. When services are provided by a business associate, we may disclose your PHI to our business associate so that they can perform the job we have asked them to do and bill you or your insurance company for those services. In addition, we may disclose your PHI to accrediting agencies and certain outside consultants. Our business associate must use appropriate safeguards to protect your PHI.
  • Funeral Directors/Medical Examiners: We may disclose your PHI to funeral directors, medical examiners and/or coroners consistent with applicable law so that they can carry out their duties.
  • Organ Procurement Organizations: Consistent with applicable law, we may disclose your PHI to organ procurement organizations or other entities engaged in the procurement, banking, or transplantation of organs for the purpose of tissue donation and transplant.
  • Research: We may disclose PHI to researchers when their research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your PHI. In addition, we may disclose PHI to researchers in preparation for research if allowed by law.
  • Appointment Reminders, Treatment Alternatives: We may use your PHI to provide you with PHI regarding a health-related product or service provided by MHS or an MHS affiliate, or PHI regarding your treatment or care, such as appointment reminders, PHI about treatment alternatives, and/or in face-to face encounters.
  • Fundraising: We may use your name and limited demographic PHI to contact you as part of an MHS fundraising effort, but you can tell us not to contact you again.  There are certain restrictions that apply to us if we share your PHI for this purpose, which are described elsewhere in this Notice.
  • Food and Drug Administration (FDA): We may disclose to the FDA, or an entity subject to FDA jurisdiction, your PHI for public health purposes related to the quality, safety or effectiveness of an FDA-regulated product or activity for which that person has responsibility. For example, your PHI may be disclosed in connection with the reporting of an adverse event, product defect, product tracking or to provide post marketing surveillance PHI.
  • Workers’ Compensation: We may disclose your PHI to the extent allowed by and to the extent necessary to comply with laws relating to workers’ compensation or other similar programs.
  • Public Health; Serious Threat to Health or Safety: When required or allowed by law, we may disclose your PHI to public health or legal authorities responsible for preventing or controlling disease, injury or disability or performing other public health functions. In addition, we may disclose your PHI in order to avert a serious threat to health or safety.
  • Specialized Governmental Functions: We may disclose your PHI for military and veteran activities, national security and intelligence activities and similar special governmental functions as required or allowed by law.
  • Correctional Institution: If you are an inmate of a correctional institution, we may disclose to the institution or agents thereof PHI necessary for your health and the health and safety of other individuals.
  • Law Enforcement: We may disclose your PHI for law enforcement purposes as required or allowed by law or in response to a valid subpoena, court order or other binding authority.
  • Disclosures Required by Law: We may use or disclose your PHI as required by law provided such use or disclosure complies with and is limited to the relevant requirements of such law.
  • Health Oversight Agencies: We may disclose your PHI to an appropriate health oversight agency, public health authority or attorney involved in health oversight activities.
  • Judicial and Administrative Proceedings: We may disclose your PHI for judicial or administrative proceedings as required or allowed by law or in response to a valid subpoena, court order or other binding authority.

42 CFR Part 2, Substance Use Disorder Records

Some of your PHI is subject to special confidentiality protections because it concerns treatment for a substance use disorder (SUD). These are referred to as “Part 2 Records.” Under federal law (42 CFR Part 2), information identifying a person as having, or having had, a SUD which is maintained by certain health care providers is subject to additional safeguards.  We may use and disclose your Part 2 Records for treatment, payment and healthcare operations if you sign a written consent authorizing us to do so. Once you provide such a consent, the information may be used and disclosed in accordance with this Notice, unless you revoke the consent in writing. You have the following rights with respect to your Part 2 Records:

  • The right to request a restriction on uses and disclosures for treatment, payment, and health care operations. However, we have certain rights to reject your request, and we will notify you why in writing within 60 days;
  • The right to receive an accounting of disclosures of your Part 2 Records for the prior three years;
  • The right to file a complaint with the U.S. Department of Health & Human Services (HHS) or with us if you believe your Part 2 rights have been violated. We will not and cannot retaliate against you for exercising these rights;
  • The right to opt-out of fundraising communications related to Part 2 Records; and
  • In the event of a breach of unsecured Part 2 Records, we will follow the breach notification requirements applicable under HIPAA and applicable Part 2 regulations, including notifying you and, if necessary, HHS.

If you have provided a valid authorization for us to disclose all of your records, we and any entity receiving your Part 2 information under that consent are not required to segregate or separate the Part 2 Records from your other medical records.

Part 2 Records, or testimony relaying the content of such records, cannot be used or disclosed in civil, criminal, administrative, or legislative proceedings against you unless you give us written consent, or there is a court order. A court order authorizing use or disclosure must be accompanied by a subpoena or other legal requirement compelling disclosure before the requested record is used or disclosed

Redisclosure

It is possible that PHI we disclose under the terms of this Notice will be redisclosed by the recipient and no longer protected by this Notice, HIPAA, or state or federal law.

Organized Health Care Arrangement

The hospitals within MHS, including the outpatient surgical, rehabilitation and other ancillary service sites of the hospitals, are clinically integrated care settings in which patients receive care from both hospital staff and independent providers who belong to the medical staff, which is the group of providers allowed to practice at MHS and its affiliates. These hospitals and their medical staff must be able to share protected PHI freely for treatment, payment and health care operations. Therefore, each hospital and their respective medical staffs have entered into an organized health care arrangement (OHCA). Under the OHCA, each hospital and the eligible providers on the medical staff will:

  • Use a joint notice of privacy practices (this Notice) for all inpatient and outpatient visits;
  • Obtain a single signed acknowledgment of receipt;
  • Share protected PHI from inpatient and outpatient hospital visits so that they can help the hospital with its healthcare operations; and
  • Follow the privacy and PHI practices described in this Notice. Each OHCA participant is individually responsible to follow the practices in this Notice. The OHCA does not cover the private offices of the providers or their PHI practices there or at other practice locations.

THIS NOTICE SERVES AS THE JOINT NOTICE OF PRIVACY PRACTICES OF THE ORGANIZED HEALTH CARE ARRANGEMENT FOR EACH OF THE MHS AFFILIATES LISTED IN THE MHS ACE ABOVE. HOWEVER, IF YOU RECEIVE A NOTICE FROM A MEMBER OF THE MHS ACE THAT IS DIFFERENT FROM THIS NOTICE, THAT NOTICE WILL APPLY INSTEAD OF THIS NOTICE.

Health Information Exchanges

We participate in health information exchanges (HIEs), such as CyncHealth and CommonWell Health Alliance, which support electronic information sharing among members for treatment, payment, and health care operations purposes. Through the HIEs, participating providers and health insurers can see certain health, demographic, and payment information (your PHI) in each other’s records. They can use this information for treatment, payment, or health care operations purposes.      

Your information will be included in HIEs, such as CyncHealth and CommonWell Health Alliance, unless we receive a request to opt out. You can opt out of disclosures to HIEs by contacting the HIEs or us.  For CyncHealth, contact support at (402) 506-9900, ext.1 or by visiting www.cynchealth.org.  For CommonWell Health Alliance, contact the MHS Privacy Officer using the contact information above.

For More Information or to Report a Problem

If you have questions or would like additional information, you may contact the MHS Privacy Officer at the phone number or email address listed above. If you believe your privacy rights have been violated, you can file a complaint with the MHS Privacy Officer at the phone number or email listed at the beginning of this Notice, or with the Office of Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/. We will not and cannot retaliate against you for filing a complaint.

If you would like a copy of this notice, please request one from the receptionist.

bestcare.org

Effective Date: February 1, 2026

Print On Demand