Patient Privacy

Report an Incident

Protecting Patient Privacy

Protecting your health information is important to University of Utah Health (“U of U Health”). We maintain the privacy and security of your information in several ways:

  • providing training to our faculty, staff, and volunteers; using technical and physical safeguards when storing information;
  • following requirements related to the Health Insurance Portability and Accountability Act (HIPAA); and
  • implementing administrative controls to ensure we use or disclose patient data with caution and after careful consideration.

Notice of Privacy Practices

U of U Health understands that your health information is very personal and private. Every patient we serve is provided a Notice of Privacy Practices the first time they come to us for health services. This document is the centerpiece of our privacy promise to you.

The notice tells you how we manage your information to facilitate the best treatment for you, and how it is used and disclosed in the course of our operations. The notice also advises you of your privacy rights to access and control your own health information. For more information and to print a current copy, please click the link below.

Please click here to view and/or print a copy of the University of Utah Health Notice of Privacy Practices.

A Patient's Information Privacy Rights

You have the right to request actions related to your health information:

Your Right Under HIPAA

How You Exercise Your Right

Request a copy of your medical record or identify third parties with whom you authorize us to share your medical record.

Submit a Patient Authorization for Disclosure of Health Information form.

Request a correction to your medical record

Submit a Request to Amend Protected Health Information form.

Ask us to limit the information we use and share.

Submit a Patient Request for Special Privacy Restriction form.

Ask us NOT to share certain health information with your insurer

Submit a Patient Request for Privacy Restriction for "Health Care Services Paid for Out-of-Pocket" form.

Get a list of those with whom we have shared your information for reasons other than treatment, payment, or administrative purposes

Submit a Request for Accounting of Disclosures form.

Identify others who are authorized to act on your behalf (e.g., medical power of attorney, legal guardian, etc.)

Provide legal documentation of your choice.

Ask us NOT to use your information for the purposes of fundraising.

Opt out of fundraising

How University of Utah Health Uses Patient Health Information

When you receive care from U of U Health, we may use your health information to treat you, bill for services, and conduct our normal business operations. Examples of how we use your information include:

Treatment - Health care providers use your health information to treat you and to deliver quality care to meet your needs. Your doctor may share your health information with other providers who are involved in your care. Some health records, including confidential communications with a mental health professional and substance abuse records, may have additional restrictions for use and disclosure under state and federal law.

Payment – We keep billing records that include payment information and documentation of the services provided to you. Your information may be used to obtain payment from you, your insurance company, or another third party. We may also contact your insurance company to verify coverage for your care or to notify them of upcoming services that may need prior notice or approval.

Health Care Operations – We use health information to evaluate and improve the quality of care, train staff and students, provide customer service, manage costs, conduct required business duties, and make plans to better serve our communities. 

Sharing Patient Health Information

There are limited situations when we are permitted or required to disclose health information without your signed authorization. Including:

  • For public health purposes permitted or required by law. Examples include reporting communicable diseases; work-related illnesses; births and deaths; reactions to drugs; and problems with medical devices.
  • To protect victims of abuse, neglect, or domestic violence or to avert a serious threat to health or safety.
  • For health oversight activities, such as investigations, audits, and inspections.
  • When requested by law enforcement or as required by law or court order.
  • To coroners, medical examiners, and funeral directors.
  • For organ and tissue donation.
  • For research approved by our review process under strict federal guidelines.
  • For specialized government functions such as intelligence and national security.

Health Information Exchange (HIE)

What Is an Electronic HIE?

An HIE provides a way for authorized healthcare professionals to securely access and share patient medical information. Only authorized healthcare professionals who have a relationship with you are permitted access to your medical information available in a shared electronic medical record or health information exchange.

Why Do We Participate in HIEs?

You may receive treatment from more than one health professional. Information from other health care encounters could inform decisions regarding your treatment. Information about your illnesses, injuries, allergies, medicines, test results, and health history allow health care professionals to make the best possible decisions to care for you. This sharing of information is encouraged by the Health Information Technology for Economic and Clinical Health (HITECH) Act. HITECH provides objectives for health care providers to meet in order to support improved health care for patients. One of the core objectives is to provide patients and their health care providers with access to medical information to improve the safety, quality, and efficiency of care.

Some examples of HIEs that U of U Health participates in include:

  • Epic Care Everywhere. This application provides a way to access a patient's electronic health record when that record is kept by another health care organization. Care Everywhere participants are listed here. https://www.epic.com/careeverywhere/
  • Utah Health Information Network (UHIN). UHIN is a nonprofit, broad-based coalition of Utah healthcare insurers, providers, and others. UHIN provides a private and secure gateway for electronic data exchanges. UHIN gathers and provides data to a statewide data repository. Information about this exchange is available at https://uhin.org/resources/for-patients/

Other Uses of Patient Health Information

 We may share your health information in the following ways:

  • Share information with family or friends to the extent they are directly involved in your care or in paying for your care.
  • Remind you of an appointment (Optional: notify the scheduler if you do not wish to be reminded).
  • Include you in our patient directory for callers, visitors, and clergy. (Optional: You may opt-out of participation in the directory).
  • Share information with business associates who assist us with treatment, payment, and health care operations. (These business associates must adhere to applicable privacy laws and regulations).