Purdue University endeavors to preserve the privacy, security, and confidentiality of the Protected Health Information and medical records maintained by its various schools and departments at all of Purdue’s campuses. It strives to fulfill this responsibility in accordance with state and federal statutes and regulations. Further, Purdue acknowledges its general obligations of trust and confidentiality reposed in its employees and students who are responsible for medical or mental health treatment at the University.
You have the right to ask Purdue’s Health Care Providers or Purdue’s Health Plans to limit the use and disclosure of your health information. If you or another family member or person on your behalf have paid your health care provider in full for a particular health care service or item and specifically request that we not disclose information about this health care item or service to your health plan for payment or healthcare operations purposes, we will agree to this request. We generally cannot restrict disclosure of information needed for health care treatment purposes. For other restrictions, we will consider your request but we do not have to accept it. If we do, we will put any limits in writing and abide by them except in emergency situations where the information is needed. You may not limit the uses and disclosures that we are legally required to make.
You have the right to ask that we send your health information to you at an alternate address (for example, sending information to your work address rather than your home address) or by alternate means (for example, by fax instead of regular mail). We must agree to your request if we can easily provide it in the format you requested.
In most cases, you have the right to look at or get copies of your health information that we have, but you must make the request in writing. If we maintain an electronic copy of your medical, mental health or billing records, and you request an electronic copy of your record, we will provide you with access to the electronic information in the electronic format requested by you, if it is readily producible, or, if not, in a readable electronic format as agreed to by Purdue’s Health Care Providers or Health Plans and you. We will provide you with some kind of readable electronic copy and images, will be included, if requested. If we do not have your health information but we know who does, we will tell you how to get it. We will respond to you within 30 days after receiving your written request. In certain situations, we may deny your request. If we do, we will tell you, in writing, our reasons for the denial and explain your right to have the denial reviewed. If you request copies of your health information, we will charge you a reasonable fee as permitted by Indiana law. Instead of providing the health information you requested, we may provide you with a summary or explanation of the health information. We will only do this if you agree to receive information in that form and if you agree to pay the cost in advance.
You have the right to request a list of instances in which we have disclosed your health information. The list will not include uses or disclosures made for treatment, payment, and health care operation, or information given to your family or friends with your permission or in your presence without objection. It will also not include disclosures made directly to you or when you have given us a written authorization for the release of health information. The list will also not include information released for national security purposes or given to correctional institutions. To obtain this list, you must make a request in writing to the Privacy Officer listed at the top of this notice. The list we will give you will include disclosures made in the last six years unless you request a shorter time. We will provide the list to you upon request once each year at no charge.
If you believe that there is a mistake in your health information or that a piece of important information is missing, you have the right to request that we amend the existing information. You must provide the request and your reason for the request in writing to the Privacy Officer listed at the top of this notice. We may deny your request in writing if the health information is: 1) correct and complete; 2) not created by us; 3) not allowed to be disclosed, or 4) not part of our records. Our written denial will state the reasons for the denial and explain your right to file a written statement of disagreement with the denial. If you do not file a statement of disagreement, you have the right to ask that your request and our denial be attached to all future disclosures of your health information. If we approve your request, we will make the change to your health information, tell you that we have done it, and tell others that need to know about the change to your health information.
If any of Purdue’s Health Care Providers or Purdue’s Health Plans or any of its Business Associates or the Business Associate’s subcontractors experiences a breach of your health information (as defined by HIPAA laws) that compromises the security or privacy of your health information, you will be notified of the breach and about any steps you should take to protect yourself from potential harm resulting from the breach.