It is United Zion Retirement Community (hereafter referred to as “UZRC”) policy to respect your privacy regarding any information we may collect while operating our website, https://www.uzrc.org.
Like most website operators, UZRC collects non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. UZRC’s purpose in collecting non-personally identifying information is to better understand how UZRC’s visitors use its website. From time to time, UZRC may release non-personally-identifying information in the aggregate, e.g., by publishing a report on trends in the usage of its website.
UZRC also collects potentially personally-identifying information like Internet Protocol (IP) addresses for logged in users and for users leaving comments on UZRC’s member sites. UZRC only discloses logged in user and commenter IP addresses under the same circumstances that it uses and discloses personally-identifying information as described below, except that site commenter IP addresses are visible and disclosed to the administrators of the site where the comment was left.
Gathering of Personally-Identifying Information
Certain visitors to UZRC’s website choose to interact with UZRC in ways that require UZRC to gather personally-identifying information. The amount and type of information that UZRC gathers depend on the nature of the interaction. Those who engage in transactions with UZRC are asked to provide additional information, including as necessary the personal and financial information required to process those transactions. In each case, UZRC collects such information only insofar as is necessary or appropriate to fulfill the purpose of the visitor’s interaction with UZRC. UZRC does not disclose personally-identifying information other than as described below. And visitors can always refuse to supply personally-identifying information, with the caveat that it may prevent them from engaging in certain website-related activities.
UZRC may collect statistics about the behavior of visitors to its website. UZRC may display this information publicly or provide it to others. However, UZRC does not disclose personally-identifying information other than as described below.
Protection of Certain Personally-Identifying Information
UZRC discloses potentially personally-identifying and personally-identifying information only to those of its employees, contractors, and affiliated organizations that (i) need to know that information in order to process it on UZRC’s behalf or to provide services available at UZRC’s website, and (ii) that have agreed not to disclose it to others. Some of those employees, contractors and affiliated organizations may be located outside of your home country; by using UZRC’s website, you consent to the transfer of such information to them. UZRC will not rent or sell potentially personally-identifying and personally-identifying information to anyone. Other than to its employees, contractors and affiliated organizations, as described above, UZRC discloses potentially personally-identifying and personally-identifying information only in response to a subpoena, court order or other governmental request, or when UZRC believes in good faith that disclosure is reasonably necessary to protect the property or rights of UZRC, third parties or the public at large. If you are a registered user of a UZRC website and have supplied your email address, UZRC may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what’s going on with UZRC and our products. We expect to keep this type of email to a minimum. If you send us a request (for example via a support email or via one of our feedback mechanisms), we reserve the right to publish it in order to help us clarify or respond to your request or to help us support other users. UZRC takes all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of potentially personally-identifying and personally-identifying information.
Cookies and Website Analytics
We also may use Google and other 3rd Party cookies to retarget visitors to our website or to better serve ads. If you’d like to opt out of Google Cookies, please see https://tools.google.com/dlpage/gaoptout and to opt-out of Google cookies for ads by using ad preferences at https://adssettings.google.com/authenticated?hl=en.
This site uses the Lucky Orange analytics system to help improve usability and the customer experience. Lucky Orange may record mouse clicks, mouse movements and scrolling activity. Lucky Orange may record keystroke information that you voluntarily enter on this website. Learn more here – https://www.luckyorange.com/privacy.php.
UZRC maintains a list of email addresses of users who have specifically opted to receive mailings and newsletters from us relating to the UZRC retirement living communities, services, employment, and events. Participation in this mailing list is strictly voluntary, and any user may opt out at any point by emailing firstname.lastname@example.org a message with a subject of “unsubscribe” from the email address they wish removed from our e-mail list. Email addresses from this mailing list are only used for these notifications, and will not be distributed to any third party.
Data Retention Policy
UZRC will maintain data unless a request is made to be removed from the database.
Links to Third-Party Websites
If UZRC, or substantially all of its assets were acquired, or in the unlikely event that UZRC goes out of business or enters bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur and that any acquirer of UZRC may continue to use your personal information as set forth in this policy.
HIPAA– Health Insurance Portability and Accountability Act: Privacy Notice
UZRC—NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
We are required by law to maintain the privacy and security of your health information, referred to as Protected Health Information (PHI), and to provide you with notice of our legal duties and privacy practices with respect to PHI. PHI is information that can identify you as an individual including physical health, mental health, and related health care services.
This Notice of Privacy Practices describes how we may use and disclose your PHI in accordance with applicable law, including the Health Insurance Portability and Accountability Act (HIPAA), regarding HIPAA Privacy and Security Rules.
HOW WE MAY USE AND DISCLOSE YOUR HEALTH INFORMATION
The following describes ways we may use and disclose PHI about you, for the following purposes:
Treatment. We may disclose your PHI to physicians, nurses, medical students, therapists, hospitals, and other personnel who provide health care services or are involved in your care. For example, if you are being treated for a knee injury, we may disclose your PHI to the rehabilitation department in order to coordinate your care.
Payment. We may use and disclose your PHI in order to bill and collect payment for treatment and services provided to you. For example, we may provide portions of your PHI to our billing department and your health plan to receive payment for the health care services provided to you. We may provide your PHI to our business associates, such as billing companies, claims processing companies, and others that process our health care claims. UZRC requires any contractor or company receiving PHI, to safeguard, protect and follow the same guidelines regulated by ‘HIPAA’ and as stated in the ‘Business Associate Agreement’.
Health Care Operations. We may use or disclose your PHI in order to conduct our healthcare business and to perform functions associated with our business activities. For example, we may use your PHI in order to evaluate the quality of health care services that you received or to evaluate the performance of the health care professionals who provided health care services to you. We may also provide your PHI to our accountants, attorneys, consultants, and others in order to make sure we are compliant with the laws that affect us.
OTHER USES AND DISCLOSURES PERMITTED WITHOUT YOUR AUTHORIZATION
The following are types of uses and disclosures permitted by HIPAA without your authorization, in a limited number of situations.
Abuse, Neglect, Domestic Violence or Exploitation. We must disclose PHI to notify a protective service agency, government authority, or law enforcement authority as required by law, if we reasonably believe that you have been a victim of abuse, neglect, domestic violence or exploitation.
Coroners, Medical Examiners, Funeral Directors, and Organ Donation. We may disclose your PHI to coroners, medical examiners or funeral directors as necessary for them to carry out their duties authorized by law. We may release PHI to organ procurement organizations, to assist them in organ, eye, or tissue donations and transplants.
Data Breach Notification Purposes. We may use or disclose your PHI to provide legally required notices of unauthorized access to or disclosure of your PHI.
Deceased Individual. We may disclose PHI regarding deceased patients as mandated by state law, or to a family member or friend that was involved in your care or payment for care prior to death, based on your prior consent. A release of information regarding the deceased individual may be limited to an executor or administrator of a deceased person’s estate or the person identified as next-of-kin. PHI of persons that have been deceased for more than fifty (50) years is not protected under HIPAA.
Emergencies. We may disclose your PHI in an emergency situation. In the event of a fire or another emergency that results in a transfer to another facility, we would provide emergency personnel with information to secure your safety.
Fundraising activities. We may use or disclose PHI to raise funds for our organization. The money raised through these activities is used to expand and support our benevolent fund and capital building projects.
Health Oversight Activities. We may use or disclose PHI to a health oversight agency for audits, investigations, inspections, or licensing purposes. These disclosures may be necessary for certain state and federal agencies to monitor health care systems, government programs, and compliance with civil right laws.
Law Enforcement. We may disclose PHI, so long as applicable legal requirements are met, for law enforcement purposes. These law enforcement purposes include (1) legal processes, (2) limited information requests for identification and location purposes, (3) information pertaining to victims of a crime, ( 4) suspicion that death has occurred as a result of criminal conduct, (5) in the event that a crime occurs on the premises of the facility, (6) in an emergency to report a crime, the location of the crime or victims, or the identity, description or location of the person who committed the crime.
Legal Proceedings. We may disclose PHI in the course of any judicial or administrative proceeding, in response to an order of a court, warrant, or administrative tribunal, in certain conditions in response to a subpoena, discovery request or other lawful purposes.
Military, Veterans, National Security, and Intelligence. If you are or were a member of the armed forces, or part of the national security or intelligence communities, we may be required by military personnel or other government authorities to release your PHI. We may also release information about foreign military personnel to the appropriate foreign military authority.
Public Health. We may disclose PHI about you for public health reasons in order to prevent or control disease, injury or disability, and to report problems with medications or products.
Public Safety. We may use and disclose PHI to law enforcement personnel or other persons able to prevent or lessen such harm. We may use and disclose PHI to prevent a serious threat to your health or safety or the health and safety of the public or another person.
Required by Law. We may use or disclose PHI about you when required to do so by federal, state or local law.
Research. In certain circumstances, we may provide PHI in order to conduct medical research.
Workers’ Compensation. We may provide PHI in order to comply with workers’ compensation laws.
OTHER USES AND DISCLOSURES PERMITTED WITH YOUR AUTHORIZATION
The following are types of uses and disclosures of your PHI, which UZRC is permitted to make with your authorization.
Appointments. We may use or disclose PHI to confirm an appointment for medical care or services.
Facility Directories. We may use and disclose your name, location in the facility, and room number in the facility directory. The facility directory will be used to assist staff members, family members, visitors, and delivery companies to locate your residence at the facility, for those who ask for you by name. We may reveal your religious affiliation to clergy.
Facility Notifications. We may make announcements over the intercom system, post on facility bulletin boards, and/or facility calendars; your birthday and other special events, which could be heard or visible by the public.
Photo and/or Name Plate. We may display your photo and/or nameplate near the door of your room. We may display your photo on bulletin boards within the facility. We will not give photographs of you for publication to anyone outside of the facility unless we have your permission. We have instructed staff that UZRC’s policy does not allow pictures to be taken of our residents without his/her consent.
Persons Involved in Your Care or Payment for Your Care. We may disclose PHI about you to a legally appointed representative, which could be a family member, friend, or other persons that you approved to be directly involved with your care or payment of your health care.
OTHER USES AND DISCLOSURES REQUIRE YOUR PRIOR WRITTEN AUTHORIZATION
We will not use or disclose your health information for any purpose other than those identified in the previous sections, without your written authorization. If you choose to sign an authorization to disclose your PHI, you can later revoke the authorization in writing to stop any future uses and disclosures, but we cannot take back any uses or disclosures already made with your permission.
Marketing. We must obtain your authorization prior to using or disclosing your PHI for marketing purposes in most situations. If we will obtain financial remuneration for such marketing, we must disclose that to you in the authorization.
Sale of PHI. We must obtain your authorization prior to selling your health information. If we will obtain financial remuneration for such a sale, we must disclose that to you in the authorization.
Psychotherapy Notes. Most uses and disclosures of your psychotherapy notes require your prior authorization.
RIGHTS REGARDING YOUR PHI
You have the following rights regarding PHI we maintain about you.
The Right to Accounting of Disclosures. You have the right to request a list of instances in which we have disclosed your PHI. The list will not include the following uses or disclosures (1) treatment, payment, health care operations, (2) instances of prior authorization, (3) national security purposes, (4) to corrections institutions, (5) law enforcement personnel.
The Right to Amend. If you believe the PHI we have about you is incorrect or incomplete, you may ask us to amend the information in writing. You must provide the request and your reason for the request in writing. We may deny your request in writing if the PHI is (1) correct and complete, (2) not created by us, (3) not allowed to be disclosed or (4) not part of our records. Our written denial will state the reasons for the denial and explain your right to file a written statement of disagreement with the denial. You have the right to submit a written statement disagreeing with the denial and that statement will be attached to your medical record. If we approve your request to your health information, the request will be in addition to, not a replacement of, already existing records. We will inform you and others that need to know, of the changes to your medical record.
The Right to Breach Notification. We are required by law to maintain the privacy of your health information. You will receive a written breach notice if your health information was compromised.
The Right to Choose How you Receive PHI. You have the right to ask that we send the information to another address. You have the right to ask how you would like to receive the information, by mail, email, etc. We must agree to your request so long as we can easily provide the information in the format requested.
The Right to Inspect and Copy. You have the right to inspect and copy your health information that we maintain. You must submit the request in writing. We may deny your request to inspect and copy in limited circumstances. If you are denied access to your information, you may request the denial be reviewed. There may be fees associated with copying and other associated costs, that you will need to approve or deny before we will continue.
The Right to Opt-Out of Receiving Future Fundraising Notices. You have the right to request we no longer contact you with future fundraising notices. If you would like to start receiving fundraising notices, after you have opted-out, you will need to contact us to add your name back on the fundraising notice list. You would contact the Marketing and Development Department at (717) 627-8421, to request changes to fundraising notices.
The Right to Restrict Disclosure of PHI for Out of Pocket. You have the right to request we do not disclose PHI to a health plan for payment, or health care operations, where service is paid out-of-pocket in full by you, someone on your behalf, or another health plan, unless required by law.
The Right to Request Restrictions. You have the right to request a restriction or limitation of how we use and disclose your PHI. We will consider your request, but we are not legally required to agree to your request unless your request is to restrict disclosure to a health plan for purposes of payment or health care operations when you or someone on your behalf has already made full payment. If we accept your request, we will put any limits in writing and abide by them except in emergency situations.
RIGHTS AND CHANGES TO THIS NOTICE
We are required to provide you with a copy of the Notice of Privacy Practices at admissions. You can also request a copy of the Notice of Privacy Practices, by contacting the Admissions Office or Marketing Office at any time. You have the right to request a paper copy of the Notice of Privacy Practices if you have previously agreed to receive the Notice of Privacy Practices electronically.
We reserve the right to change or revise the terms of the Notice of Privacy Practices at any time. We will post the most recent copy of the Notice of Privacy Practices on pertinent bulletin boards and our website https://uzrc.org/.
QUESTIONS and COMPLAINTS
If you believe your privacy rights have been violated, disagree with a decision we made regarding access to your PHI, you may file a complaint with our Chief Compliance Officer at (717) 626-2071. You may also send a written complaint to the Secretary of the Department of Health and Human Services. We will take no retaliatory action against you if you file a complaint about our privacy practices.
If you have questions concerning this notice or would like to know how to file a complaint with the Secretary of the Department of Health and Human Services, please contact our Chief Compliance Officer at (717) 626-2071.