Privacy Policy
Purpose
To comply with the Administrative Simplification Act component of HIPAA Privacy, to secure and maintain the confidentiality of Protected Health Information (PHI), maintain sensitive organizational information at Rapid City Medical Center and prevent and detect inappropriate and illegal uses and disclosures.
Policy
Rapid City Medical Center shall be responsible for implementation of the administrative requirements under the federal privacy rule.
Rapid City Medical Center will designate a privacy official to be responsible for the development and implementation of the policies and procedures of Rapid City Medical Center… [45 CFR 164.530(a)(1)(i)].
Definitions
HIPAA – Health Insurance Portability and Accountability Act of 1996
IIHI – Individually Identifiable Health Information: Information that is a subset of health information, including demographic information collected from an individual, and:
- Is created or received by a health care provider, health plan, employer or health care clearinghouse.
- Relates to the past, present or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present or future payment for the provision of health care to an individual.; and
- That identifies the individual with respect to which there is a reasonable basis to believe the information can be used to identify the individual.
PHI – Protected Health Information: PHI means IIHI that is held or transmitted by a covered entity or its business associate, in any form or medium, whether electronic, on paper or oral.
DRS – Designated Record Set: Rapid City Medical Center facilities maintain a Designated Record Set. The DRS includes medical and billing records to which patients and/or his or her personal representatives have the right to access, inspect and copy. Records include any item, collection or grouping of information that includes PHI and is maintained, collected, used or disseminated by or for a provider. Patient health care records are the property of Rapid City Medical Center but the information maintained within the record belongs to the patient.
Individual (for purposes of HIPAA) – The patient and his/her legal Personal Representative.
A Personal Representative is one who under law has the authority to act on behalf of a patient in making decisions related to health care (i.e., a parent, guardian or legal custodian under WI stat. 48.02(8) and (11)). Personal Representatives may have access to and/or request amendment of PHI relevant to their representative capacity unless there is a reasonable belief that the patient has been or may be subjected to domestic violence, abuse or neglect by such person, the release could endanger the patient, or in the exercise of professional judgment it is decided that it is not in the best interest of the patient to treat the person as the patient’s personal representative.
Treatment – The provision, coordination or management of health care and related services, including the coordination or management of health care by a health care provider with a third party; consultation between health care providers relating to a patient; or the referral of a patient for health care from one health care provider to another.
Payment – Activities undertaken by Rapid City Medical Center to obtain or provide reimbursement for the provision of health care. Activities for payment include eligibility of coverage determination, billing, claims management, collection activities, utilization review including precertification, preauthorization, concurrent and retrospective review of services, and specified disclosures to consumer reporting agencies.
Health Care Operations – Quality assessment and improvement activities; reviewing the competence, qualifications, performance of health care professionals, conducting training programs, accreditation, certification, licensing, credentialing, underwriting, premium rating and other activities relating to the creation, renewal or replacement of a contract of health insurance or health benefits; conducting or arranging for medical review, legal services and audition functions; business planning and development; business management.
Workforce – Under Section 160.103 of HIPAA, workforce means employees, volunteers, trainees and other persons whose conduct, in the performance of work for Rapid City Medical Center, is under the direct control of Rapid City Medical Center, whether or not they are paid by Rapid City Medical Center.
Provider – Under Section 160.103 of HIPAA, a provider of medical or health services and any other person or organization who furnishes, bills or is paid for health care in the normal course of business. Providers at Rapid City Medical Center are those contracted, subcontracted or employed and provides services on behalf of Rapid City Medical Center.
Procedures
Rapid City Medical Center is committed to complying with the HIPAA Privacy Rule.
Rapid City Medical Center and its business affiliates create, store, maintain, use, transmit, collect and disseminate PHI in an environment that promotes confidentiality and integrity without compromising information availability.
Confidentiality policies and procedures are reinforced throughout Rapid City Medical Center and followed by all physicians and workforce members.
The HIPAA Privacy Officer oversees the HIPAA Privacy program.
The HIPAA Privacy Officer is responsible for the facilitation of functions which reinforce compliance with the HIPAA Privacy Rule, patient confidentiality, access laws and Rapid City Medical Center’s policies and procedures pertaining to them.
Rapid City Medical Center will implement, monitor and maintain a Business Associate Agreement with affiliate business entities when required by law.
All documentation related to and/or required by HIPAA, including but not limited to compliance enforcement, activities such as training, policies and procedures, complaint investigations, designated record sets, etc. are maintained for six years from the date of creation, or the date it was last in effect, whichever is later Documentation may be maintained in written or electronic form.
Privacy Policy
This privacy policy will explain how our organization uses the personal data we collect from you when you use our website.
What data do we collect?
[BUSINESS NAME HERE] collects the following data:
Personal identification information such as Name and Contact information that is provided to us by the user, and anonymous data such as usage statistics.
How do we collect your data?
Personal identification information is only collected if it is provided through a form on our website. This information is stored by a third-party company. Links to their data-sharing privacy policies are as follows:
Gravity Forms: https://www.gravityforms.com/privacy/
Forms on this site may use a website plugin to collect information. Links to the plugin data-sharing privacy policies are as follows:
Gravity Forms: https://www.gravityforms.com/privacy/
Most data we collect is provided by users. We do use a variety of website plugins and third-party analytics services which may collect anonymous data. Links to data-sharing privacy policies for these plugins and services are as follows:
Google Analytics: https://policies.google.com/privacy
What are your data protection rights?
[BUSINESS NAME HERE] would like to make sure you are fully aware of all of your data protection rights.
Every user is entitled to the following:
- The right to access – You have the right to request [BUSINESS NAME HERE] for copies of your personal data. We may charge you a small fee for this service.
- The right to rectification – You have the right to request that [BUSINESS NAME HERE] correct any information you believe is inaccurate. You also have the right to request [BUSINESS NAME HERE] to complete information you believe is incomplete.
- The right to erasure – You have the right to request that [BUSINESS NAME HERE] erase your personal data, under certain conditions.
- The right to restrict processing – You have the right to request that [BUSINESS NAME HERE] restrict the processing of your personal data, under certain conditions.
- The right to object to processing – You have the right to object to [BUSINESS NAME HERE]’s processing of your personal data, under certain conditions.
- The right to data portability – You have the right to request that [BUSINESS NAME HERE] transfer the data that we have collected to another organization, or directly to you, under certain conditions.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.
Cookie Usage
What are cookies?
Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our website or others we may own or manage, we may collect information from you automatically through cookies or similar technology.
For further information, visit aboutcookies.org.
How do we use cookies?
[BUSINESS NAME HERE] uses cookies to improve your experience on our website, including:
- Understanding how you found our website
- Understanding how you use our website
What types of cookies do we use?
There are a number of different types of cookies, however, our website uses:
- Advertising – [BUSINESS NAME HERE] uses these cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address. [BUSINESS NAME HERE] shares some limited aspects of this data with third parties for advertising purposes and for plugin analytics to better improve our site and others. We may also share online data collected through cookies with our advertising partners such as Google. This means that when you visit another website, you may be shown advertising based on your browsing patterns on our website.
- Referrals – [BUSINESS NAME HERE] uses these cookies to collect information about your visit to pass to third party services you are referred to from our website.
How to manage cookies
You can set your browser to not accept cookies.
aboutcookies.org tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.
Additional Privacy Policy Concerns
Privacy policies of other websites
The [BUSINESS NAME HERE] website contains links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, keep in mind that their privacy policies may be different.
Changes to our privacy policy
[BUSINESS NAME HERE] keeps its privacy policy under regular review and places any updates on this web page. This privacy policy was last updated on January 18, 2024.
How to contact us
If you have any questions about [BUSINESS NAME HERE]’s privacy policy, the data we hold about you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.