You are here

Joint Notice of Information Practices

Patient Privacy

At UMass Memorial Health (UMass Memorial), your privacy is a priority. We follow strict federal and state guidelines to maintain the confidentiality of your medical (protected health) information.

We also follow state guidelines regarding how long we must store your medical records and the requirements for proper disposal.

Protected Health Information

Protected health information (PHI) is any information about your past, present or future health care, or payment for that could be used to identify you.

Members of our workforce and our business associates may only access the minimum amount of protected health information that they need to complete their assigned tasks.

Use and Disclosure of PHI

When you visit a UMass Memorial facility, we use and disclose your protected health information to treat you, to obtain payment for services and to conduct normal business known as health care operations.

UMass Memorial may share your electronic medical record (EMR) with health care providers involved in your care who are not part of UMass Memorial. The EMR system used by UMass Memorial is also used by non-UMass Memorial health care providers, including certain other hospitals, community physicians, and physician groups (collectively, External Providers). Using this EMR system enables UMass Memorial to share your health information via a health information exchange platform. The system enables External Providers to receive your health information when those External Providers need your UMass Memorial health information to take care of you or to coordinate your care.

We may also share information with a contracted business associate who must meet our privacy and security requirements. Examples of how we use and disclose your information include:

  • Treatment: We document each visit and/or admission. Documentation may include your test results, diagnoses, and medications, and your response to medications or other therapies. This allows your doctors, nurses and other clinical staff to provide the best care to meet your needs.
  • Payment: We document the services and supplies you receive at each visit or admission so that you, your insurance company or another third party can pay us. We may tell your health plan about upcoming treatment or services that requires its prior approval.
  • Health Care Operations: Medical information is used to improve the services we provide, to train staff and students, and for business management, performance improvement and customer service.

We may also use information to:

  • Recommend treatment alternatives
  • Tell you about health benefits and services
  • Communicate with other UMass Memorial OHCA members or business associates for treatment, payment or health care operations
  • Communicate with family or friends involved in your care
  • Include you on the hospital inpatient list for callers or visitors if you are admitted*
  • Respond to media inquiries should they be made*
  • Let clergy know if you are admitted*
  • Contact you about support for fundraising.* HIPAA permits use of limited patient health information for fundraising purposes

Services followed by an asterisk (*) are optional. Tell the admitting clerk or fundraiser (if contacted) if you do not wish to participate.

There are limited times when we are permitted or required to disclose medical information without your signed permission. These situations include the following:

  • For public health activities such as tracking diseases or medical devices
  • To protect victims of abuse or neglect
  • For federal and state health oversight activities such as fraud investigations
  • For judicial or administrative proceedings
  • If required by law or for law enforcement
  • To coroners, medical examiners, and funeral directors
  • For organ donation
  • To avert serious threat to public health or safety
  • For specialized government functions such as national security and intelligence
  • To workers' compensation if you are injured at work
  • To a correctional institution if you are an inmate
  • For research that is approved by our research review committee when written consent is not required by law. This may include our internal preparation for research studies or telling you about research studies in which you might be interested. You are able to choose whether or not you want to hear more details about any research study.

Other uses and disclosures not described in this notice may be made with your signed authorization. In some instances, we may need your signed permission to use and disclose your information, including sale of your information, certain types of marketing, and most sharing of certain types of medical information protected under our state laws. You may cancel your authorization, in writing, at any time.

Most Recent Review Date: 11/17/20

Our Responsibilities

UMass Memorial is required by law to maintain the privacy and security of your medical information, provide this notice of our duties and privacy practices, and abide by the terms of the notice currently in effect.

We reserve the right to change privacy practices and make the new practices effective for all the information we maintain.

Revised notices will be posted in our facilities, available from your health care provider, and on our website. We will notify you promptly if a breach occurs that may have compromised the privacy or security of your information.

Your Rights

You have the right to:

  • Inspect and request either a paper or electronic copy of your medical records (fees may apply).*
  • Request a correction to your medical information (reason required).*
  • Request that we use a specific telephone number or address to communicate with you.
  • Request that we limit certain disclosures of your medical information (we are not required to agree to your request).
  • Request that we limit certain disclosures of your medical information to your health plan if an item or service is paid in full out of pocket.*
  • Receive a list (an accounting) of how your medical information was disclosed (excludes disclosures for treatment, payment, health care operations and some required disclosures; fees may apply)*
  • Obtain a paper copy of this notice even if you receive it electronically.
  • Register a complaint --- see "To Contact Us" section of of this notice.
  • Opt-Out of our hospital inpatient list or fundraising requests.
  • Decline (Opt-Out) to share your EMR with health care providers who are not part of UMass Memorial.* Opting-Out will not have any effect on actions taken prior to the date of receipt by UMass Memorial of a signed Opt-Out form.

*Request must be in writing

Contact Us

If you have questions about this notice, contact the privacy officer or visit www.ummhealth.org. If you would like to exercise your rights or if you feel your privacy rights have been violated, contact the privacy officer:

UMass Memorial Medical Center
Hahnemann Campus, 281 Lincoln Street, Worcester, MA 01605
Tel: 508-334-5551 (Privacy Line)

UMass Memorial Health – Harrington Hospital
100 South Street, Southbridge, MA, 01550
Tel: 508-764-2450 (Privacy and Compliance Hotline)

UMass Memorial Health – HealthAlliance-Clinton Hospital
Clinton Campus, 201 Highland Street, Clinton, MA 01510
Tel: 978-368-3714 (Confidential Reporting Line)

UMass Memorial Health – HealthAlliance-Clinton Hospital
Leominster Campus, 60 Hospital Road, Leominster, MA 01453
Tel: 978-466-4333 (Privacy and Compliance Hotline)

UMass Memorial Health – Marlborough Hospital
157 Union Street, Marlborough, MA 01752
Tel: 508-486-5820 (Confidential Reporting Line)

UMass Memorial Health – Milford Regional Medical Center 
138 South Main Street,Suite 13, Milford, MA  01757
Tel: 508-422-2483 

UMass Memorial Health – Community Healthlink
72 Jaques Avenue, Worcester, MA 01610 
Tel: 508-860-1163

All complaints will be investigated and you will not suffer retaliation for filing a complaint. You may file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter or visiting https://www.hhs.gov/hipaa/filing-a-complaint/index.html.

Members of Our Organized Health Care Arrangement (OHCA)

All UMass Memorial Health facilities and services including, but not limited to:

  • UMass Memorial Health Accountable Care Organization, Inc.
  • UMass Memorial Health – Community Healthlink
  • UMass Memorial Health – Harrington Hospital
  • UMass Memoria Health – HealthAlliance-Clinton Hospital
  • UMass Memorial Health Magnetic Imaging Center
  • UMass Memorial Health – Marlborough Hospital
  • UMass Memorial Health – Milford Regional Medical Center 
  • UMass Memorial Medical Center
  • UMass Memorial Medical Group
  • Private physicians, hospital-based
  • Private physicians, not hospital-based, working at our facilities

Each OHCA member is individually responsible for abiding by the privacy practices, and for resolving its own privacy complaints and violations. Please call the Privacy Line number above to be directed to the Privacy Officer at the respective member of the OHCA.