Search close

Notice of Privacy Practices

Effective: April 14, 2003

Revised Date: September 2, 2013


The Oklahoma Surgical Hospital (“Hospital”) creates and maintains a record of the care and services you received at this facility. Your medical records and billing information are systematically created and retained on a variety of media, which may include electronic, paper, and films. This information is accessible to hospital personnel and members of the medical staff on an as needed basis. Proper safeguards are in place to limit improper use or access. The Hospital is required by law to protect your privacy and the confidentiality of your Protected Health Information (“PHI”). This Notice of Privacy Practice (“Notice”) describes your rights and the Hospital’s legal duties regarding your PHI. This notice covers this hospital and all healthcare providers who are members of the medical staff and are part of our organized health care arrangement.



At times you may see or hear new terms in relation to this notice. Some of the terms you may hear and their definitions are:


Organized Health Care Arrangement

Oklahoma Surgical Hospital, the medical staff, and other health care providers at the hospital are part of a clinically integrated care setting that constitutes an organized health care arrangement under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). This arrangement involves participation of legally separate entities in which no entity will be responsible for the medical judgment or patient care provided by the other entities in the arrangement. Sharing information allows us to enhance the delivery of quality care to you as our patient. All entities, however, have agreed to abide by this Notice while working in the Hospital setting. You may receive another Notice from each physician and other health care providers upon your first encounter in their office. The Notice from other offices may be different from this Notice and will govern the PHI maintained by that provider. These physicians and health care providers will be able to access and use your PHI to carry out treatment, payment, or hospital operations. You may want to be sure you have discussed this with your health care providers and you have received a copy of the PHI from those providers.

Protected Health Information (“PHI”)

Personal and clinical information that the Hospital uses to render care to you and bill for services provided.

Privacy Officer

The individual at Oklahoma Surgical Hospital who has responsibility for all policies and procedures regarding the protection of your PHI and receiving and investigating any complaints you may have about the use and disclosure of your PHI.

Business Associate

An individual or business independent of the Hospital that works on behalf of the hospital to help provide you or the hospital with services.


A document signed by you or your legal representative that gives the Hospital permission to use or disclose your PHI for purposes other than treatment, payment of your bills, or health care operations of the Hospital.



The following categories describe how the Hospital may use and disclose your PHI without your authorization. Not every use or disclosure could possibly be listed for each category below.

  1. Treatment. The Hospital may use your PHI to provide medical treatment or services. The Hospital may disclose your PHI to doctors, nurses, technicians, medical students, or other hospital personnel who are involved in taking care of you at the hospital.

Examples: A surgeon treating you for a broken leg may need to know if you have diabetes because diabetes may slow the healing process. Your physicians may need to tell the dietitian if you have diabetes so appropriate meals may be arranged. The Hospital may tell your primary care physician, other physicians or health care providers about your hospital stay so they can provide appropriate follow-up care.

  1. Payment. The Hospital may use and disclose your PHI so that the treatment and services you receive at the hospital may be billed to you, an insurance company, or a third party and payment may be collected. The Hospital will obtain your consent or authorization for release of sections of PHI for payment purposes as required by law, such as information involving communicable or venereal disease, which may include but is not limited to diseases such as Hepatitis, Syphilis, Gonorrhea and Human lmmuno-Deficiency Virus or Acquired Immune Deficiency Syndrome or AIDS. Examples: The Hospital may provide your health plan information about the surgery or care you received so your insurance company will pay us or reimburse you for the services. The Hospital may also tell your health plan about a proposed treatment you are going to receive to obtain prior approval or to determine whether your plan will cover the treatment. The Hospital may also provide your hospital physicians or their billing agents with information so they can send bills to you or your insurance company.
  2. Health Care Operations. The Hospital may use and disclose your PHI for health care operations. These uses and disclosures are necessary to run the Hospital and make sure that all of our patients receive quality care.

Examples: The Hospital may use PHI about your high blood pressure to review our treatment and services, to evaluate the performance of our staff in caring for you and to train health professionals. The Hospital may also combine PHI about many hospital patients to decide what additional services the hospital should offer, what services are not needed, and whether certain new treatments are effective. The Hospital may also combine patients’ PHI with PHI from other hospitals to compare how the Hospital is doing and determine where improvements in the care and services offered can be made.

  1. Business Associates. The Hospital may disclose your PHI to Business Associates of the hospital, with whom contracts have been established, to provide services. However, the Hospital will only make these disclosures if there is satisfactory assurance that the Business Associate will properly safeguard your privacy and the confidentiality of your PHI.

Example: The Hospital may contract with a company outside of the hospital to provide medical transcription services for the hospital, or to provide collection services for past due accounts.

  1. Appointment Reminders. The Hospital may use and disclose your PHI to contact you as a reminder that you have an appointment for treatment or medical care at the hospital. This may be done through an automated system or by one of our staff members. If you are not at home, messages may be left on your answering machine or with the person answering the telephone with your prior approval. You have the right to stop appointment reminders by notifying the Hospital of your decision.
  2. Health Related Benefits and Services.

The Hospital may use and disclose your PHI to tell you about health-related benefits or services, or to recommend possible treatment options or alternatives that may be of interest to you.

  1. Fundraising Activities of the Hospital. The Hospital will not contact you in an effort to raise money for the hospital and its operations. If someone representing the Hospital contacts you and is asks you donate money, please contact the Hospital Privacy Officer at 918.477.5014 immediately. The use and disclosure of PHI for marketing purposes and disclosures that continue a sale of PHI will require a signed authorization by you.
  2. Hospital Directory. The Hospital may retain certain limited information about you while you are receiving services at the hospital. Your location in the hospital and your general condition (e.g., fair, stable, etc.) may be released to people who ask for you by name. Your religious affiliation may be given to a member of the clergy, such as a priest or rabbi, even if they don’t ask for you by name. This is so your family, friends, and clergy can visit you in the hospital and generally know how you are doing. If you do not want this information available, tell the admission personnel upon registration. You may also provide the hospital with a listing of individuals you would like the Hospital to provide information to or restrict information from.
  3. Individuals Involved in Your Care or Payment for Your Care. The Hospital may release PHI to a friend or family member who is involved in your medical care with your prior approval. The Hospital may also give PHI to someone who helps pay for your care. You may object to disclosures to these individuals by making your wishes known to clinical personnel, the privacy officer, social worker, or admission personnel upon registration. The Hospital may also disclose PHI about you to an entity assisting in a disaster relief effort so that your family can be notified about your condition, status, and location.



  1. Research. Under certain circumstances, the Hospital may use and disclose PHI about you for research purposes. All research projects are subject to a special approval process. This process evaluates the risks and benefits of the proposed research project while insuring the patient’s need for privacy of their PHI. Before the hospital uses or discloses medical information for research, the project will have been approved through this research approval process and your authorization will be required. The Hospital may, however, disclose PHI about you to people preparing to conduct a research project; for example, to help them look for patients with specific medical needs, so long as the PHI reviewed does not leave the hospital. The Hospital will ask for your specific authorization if the researcher will have access to your name, address, or other information that reveals who you are, or will be involved in your care at the hospital.

Example: A research project may involve comparing the health and recovery of all patients who received one medication to those who received another, for the same condition.

  1. As Required by Law. The Hospital will disclose PHI about you when required to do so by federal, state, or local law.
  2. To Avert a Serious Threat to Health or Safety. The Hospital may use and disclose your PHI when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person. This type of disclosure would be made only to someone able to help prevent the threat from occurring.
  3. Organ and Tissue Donations. If you are an organ donor, the Hospital may release PHI to organizations that handle organ procurement, organ, eye, or tissue transplantation, or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation.
  4. Military. If you are a member of the armed forces, the Hospital may release your PHI as required by military command authorities. The Hospital may also release PHI about foreign military personnel to the appropriate foreign military authority.
  5. Workers Compensation. The Hospital may release PHI about you for workers compensation or similar programs as authorized by federal or state laws. These programs provide benefits for work-related injuries or illness.
  6. Public Health Reporting. As mandated by federal or state laws, the Hospital may be required to disclose information regarding certain public health activities.

Examples: To prevent injury or disability or control the spread of disease; Report cancer diagnoses and tumors; Report child abuse or neglect; Report reactions to medications or problems with products; Notify people of recalls of products they may be using; Notify the Oklahoma State Department of Health that a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition such as HIV, Syphilis, or other transmitted diseases; Notify the appropriate governmental authority if the Hospital believes a patient has been the victim of abuse, neglect or domestic violence- if you agree or when required by law.

  1. Health Oversight Activities. The Hospital may disclose PHI to an oversight agency for activities necessary for the government to monitor the health care system, government programs, and compliance with applicable laws. These oversight activities include, for example, audits, investigations, inspections, medical device reporting and licensure.
  2. Lawsuits and Disputes. If you are involved in a lawsuit or a dispute, the Hospital may disclose PHI about you in response to a court or administrative order. Except as may be prohibited by law, the Hospital may also disclose PHI about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you or your attorney about the request or to obtain an order protecting the information requested. In certain circumstances your authorization may be required for disclosure of PHI pursuant to subpoena.
  3. Law Enforcement. The Hospital may release PHI to Jaw enforcement if requested.

Examples: In response to a court order, subpoena, warrant, summons, or similar process; To identify or locate a suspect, fugitive, material witness, or missing person; To identify a victim of a crime if, under certain limited circumstances, the Hospital is unable to obtain the person’s agreement; About a death the Hospital believes may be the result of criminal conduct; In emergency circumstances to report a crime; The location of the crime or victims; The identity, description, or location of the person who committed the crime.

  1. Coroners, Medical Examiners, and Funeral Directors. The Hospital may release PHI to a coroner or medical examiner, as it may be necessary to identify a deceased person or determine the cause of death. The Hospital may also release PHI about deceased patients of the hospital to funeral directors as necessary to carry out their duties.
  2. National Security and Intelligence Activities. The Hospital may release PHI about you to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law.
  3. Protective Services for the President and Others. The Hospital may disclose PHI about you to authorized federal officials so they may provide protection to the President, other authorized persons or foreign heads of state, or conduct special investigations.
  4. Inmates. If you are an inmate of a correctional institution or under the custody of a law enforcement official, the Hospital may release PHI about you to the correctional institution or law enforcement official. This release would be necessary (1) for the correctional institution to provide you with health care; (2) to protect the health and safety of yourself, others, or the correctional institution.



You have the following rights regarding PHI the Hospital maintains about you:

  1. Right to Inspect and Copy. You have the right to inspect and request a copy of your PHI, except as prohibited by law. To inspect and/or request a copy of your PHI you must submit your request in writing. If you request a copy of your PHI, the Hospital may charge a fee per page in accordance with Oklahoma law to offset the costs associated with the request. You also have the right to authorize third parties to obtain your PHI as well as deny releases to third parties if you pay for your treatment in full.

Request must be submitted in writing on an approved Authorization form. You have the right to request an electronic copy of your record in lieu of a paper copy; the hospital may charge a fee to offset the costs associated with the request.

The Hospital may deny your request to inspect and copy PHI in certain circumstances. If you are denied access to certain PHI, you may request that the denial be reviewed. Some types of records may be denied to you and no review is allowed, such as psychotherapy notes. Another licensed health care professional chosen by the hospital will review your request and the denial. The person conducting the review will not be the person who denied your request. The Hospital will comply with the outcome of the review.

You have the right to revoke an Authorization in writing, but prior disclosures will not be affected. You may submit request for records and any revocations to the Health Information Department.

  1. Right to Amend. If you feel that the PHI the Hospital has about you is incorrect or incomplete, you may ask to have the information amended. You have the right to request an amendment for as long as the information is kept by or for the hospital. To request an amendment, your request must be made in writing that states the reason for the request.

The request for amendment may be denied if the request is not in writing or does not include a reason to support the request. In addition, the request may be denied if you ask to amend information that was not created by the Hospital, unless the person or entity that created the information is no longer available to make the amendment, is not part of the PHI kept by or for the Hospital, is not part of the information which you would be permitted to inspect and copy, or is accurate and complete.

  1. Right to an Accounting of Disclosures. You have the right to request an “Accounting of Disclosures” every 12 months. The accounting does not included disclosures made for treatment, payment or healthcare operations that were paper based. To request this list, you must submit your request in writing to Health Information. Your request must state a time period, which may not be longer than six years from the date of the request. Your request should indicate in what form you want the list (e.g. paper or electronically). There may be a charge for providing additional lists to you. The Hospital will notify you of the cost involved and you may choose to withdraw or modify your request before any costs are incurred.
  2. Right to Request Restrictions. You have the right to request a restriction or limitation of the PHI used or disclosed about you for treatment, payment, or health care operations. You also have the right to request a limit on the PHI disclosed about you to someone who is involved in your care or the payment for your care, like a family member or friend.

Examples: Request that information may not be used or disclosed about a surgery you had; Information may not be used or disclosed about the medication you are taking.

The Hospital is not required to agree to your request. If the request is agreed upon, the Hospital will comply with your request unless the information is needed to provide you emergency treatment.

To request restrictions, you must make your request in writing. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit the use, disclosure, or both; and (3) to whom you want the limits to apply.

  1. Right to Request Confidential Communications. You have the right to request that the Hospital communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that the Hospital only contact you at work or by mail. To request confidential communications, you must make your request in writing. You will not be asked the reason for your request. All reasonable requests will be accommodated. Your request must specify how or where you wish to be contacted.
  2. Right to a Paper Copy of This Notice. You have the right to a paper copy of this notice. You may ask for a copy of this notice at any time by contacting the Privacy Officer. Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice.

To obtain a paper copy of this notice contact:

Privacy Officer

Oklahoma Surgical Hospital 2408 E. 81st Street, Suite 300

Tulsa, OK 74137


  1. Right to be Notified of a Breach. You have a right to be notified of a breach of unsecure PHI in the event your PHI has been affected.



The Hospital reserves the right to change this notice. The Hospital reserves the right to make the revised or changed notice effective for PHI already in existence about you or any PHI that may be received in the future. Each notice will have an effective date. Copies of the current notice will be posted throughout the Hospital. In addition, at each visit for treatment or health care services copies of the current notice will be available to you.



Other uses and disclosures of PHI not covered by this Notice or the laws that apply to the Hospital will only be made with your written authorization. If you provide an authorization to use or disclose protected PHI, you may revoke this authorization in writing at any time, but prior release of information will not be affected.



If you have a question or request, you may contact the Privacy Officer. If you believe your privacy rights have been violated you may file a written complaint with the facility or with the Secretary of the Department of Health and Human Services. You will not be penalized for filing a complaint.

To file a complaint with the Hospital, contact:

Privacy Officer

Oklahoma Surgical Hospital 2408 E. 81st Street, Suite 300

Tulsa, OK 74137


To file a complaint with the Secretary of the Department of Health and Human Services, contact:

The U.S. Department of Health & Human Services 200 Independence Avenue, SW

Washington, D.C. 20201