To review the Notice of Privacy Practices for Your Medical Information or the Beneficiary Education Notice click below.
Notice of Privacy Practices for Your Medical Information
This Notice describes how health information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
This Notice applies to all Sanford Health entities as well as the physicians and other licensed professionals seeing and treating patients at Sanford Health facilities. For a complete listing of these facilities and locations, go to www.sanfordhealth.org/locations. If you have questions about this Notice, please contact Sanford's Privacy Office at (800) 325-9402. You may also email your questions.
This Notice describes how we will use and disclose your health information. The terms of this Notice apply to all health information generated or received by Sanford Health, whether recorded in your medical record, billing invoices, paper forms, video, or in other ways.
How We Use and Disclose Your Health Information
We use or disclose your health information as follows (in Minnesota we will obtain your prior consent):
- Treatment: We may use your health information to provide care and share it with others who are treating you. For example, your physician may disclose your health information to a specialist for the purpose of a consultation.
- Payment: We may use and share your health information to bill and obtain payment for the health care services you receive. For example, we send information about you to your health insurance plan so it will pay for your services. We may also disclose your health information to other health care providers for their payment purposes.
- Health Care Operations: We may use and share your health information for our day-to-day operations, to improve your care, and contact you when necessary. For example, we may use your medical information to review our treatment and services and evaluate how to improve our quality of care. We may disclose your information to medical students and other hospital staff for their education. We may also disclose your health information to other health care providers for their health care operations.
We may share your health information in the following situations unless you tell us otherwise. If you are not able to tell us your preference, we may go ahead and share your information if we believe it is in your best interest or needed to lessen a serious and imminent threat to health or safety:
- Directories: We may maintain a patient directory that includes your name and location within the facility, general information about your condition (fair, serious, etc.) and religious designation. We may disclose all but your religious designation to any person who asks for you by name. Members of the clergy may obtain all directory information.
- Friends and Family: We may disclose to your family and close personal friends any health information directly related to that person's involvement in your care.
- Disaster Relief: We may disclose your health information to disaster relief organizations in an emergency so your family can be notified about your condition and location.
We may also use and share your health information for other reasons without your prior consent:
- When required by law: We will share information about you if state or federal law require it, including with the Department of Health and Human services if it wants to see that we're complying with federal privacy law. This may include disclosing information about victims of abuse, neglect, or domestic violence.
- Law enforcement: We may share information for law enforcement purposes, such as when a crime is committed at one of our facilities. We may also share information to help locate a suspect, fugitive, missing person or witness.
- For public health and safety: We can share information in certain situations to help prevent disease, assist with product recalls, report adverse reactions to medications, and to prevent or reduce a serious threat to anyone's health or safety.
- Lawsuits and legal actions: We may share information about you in response to a court or administrative order, or in response to a subpoena.
- Organ and tissue donation: We can share information about you with organ procurement organizations.
- Medical examiner or funeral director: We can share information with a coroner, medical examiner, or funeral director when an individual dies.
- Workers' compensation, correctional institutions and other government requests: We can share information to employers for workers' compensation claims. We also share information with correctional institutions about their inmates. Information may also be shared with health oversight agencies when authorized by law, and other special government functions such as military, national security and presidential protective services.
- Research: We can use or share your information for certain research projects that have been evaluated and approved through a process that considers a patient's need for privacy.
We may contact you in the following situations:
- Appointment reminders: To remind you of appointments with us.
- Treatment options: To provide information about treatment alternatives or other health related benefits or Sanford Health services that may be of interest to you.
- Fundraising: We may contact you about fundraising activities, but you can tell us not to contact you again.
Your Rights That Apply to Your Health Information
When it comes to your health information, you have certain rights.
- Get a copy of your medical record: You can ask to see or get a paper or electronic copy of your medical record and other health information we have about you. We will provide a copy or summary to you usually within 30 days of your request. We may charge a reasonable, cost-based fee. Access may be denied in some circumstances, such as to psychotherapy notes or when a certain law prohibits your access. In some circumstances you may have this decision reviewed.
- Ask us to correct your medical record: You can ask us to correct health information that you think is incorrect or incomplete. We may deny your request, but we'll tell you why in writing. These requests should be submitted in writing to the contact listed below.
- Request confidential communications: You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address. Reasonable requests will be approved.
- Ask us to limit what we use or share: You can ask us to restrict how we share your health information for treatment, payment, or our operations. We are not required to agree to your request, and we may say "no" if it would affect your care. If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information with your health insurer for the purpose of payment or our operations. We will say "yes" unless a law requires us to share that information.
- Get a list of those with whom we've shared information: You can ask for a list (accounting) of the times we've shared your health information for six years prior, who we've shared it with, and why. We will include all disclosures except for those about your treatment, payment, and our health care operations, and certain other disclosures (such as those you asked us to make). We will provide one accounting a year for free, but we will charge a reasonable cost-based fee if you ask for another within 12 months.
- Get a copy of this privacy notice: You can ask for a paper copy of this Notice at any time, even if you have agreed to receive it electronically. We will provide you with a paper copy promptly.
- Choose someone to act for you: If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.
- File a complaint if you feel your rights are violated: You can complain to the U.S. Department of Health and Human Services Office for Civil Rights if you feel we have violated your rights. We can provide you with their address. You can also file a complaint with us by using the contact information below. We will not retaliate against you for filing a complaint.
Contact Information:
Patient Relations – Bemidji
Sanford Health
1300 Anne Street NW
Bemidji, MN 56601
(218) 333-5996
Patient Relations- Bismarck
Sanford Health
225 N. 7th Street
Bismarck, ND 58501
(701) 323-1050
Patient Relations - Fargo
Sanford Health
PO Box 2010
Fargo, ND 58122-2204
(701) 234-5876
Patient Relations- Sioux Falls
Sanford Health
1305 W. 18th Street
Sioux Falls, SD 57117
(605) 333-6546
Our Responsibilities Regarding Your Health Information
- We are required by law to maintain the privacy and security of your health information.
- We will let you know promptly if a breach occurs that may have compromised the privacy or security of your health information.
- We must follow the duties and privacy practices described in this Notice and offer to give you a copy.
- We will not use or share your information other than as described here unless you tell us to in writing. You may change your mind at any time by letting us know in writing.
Changes to This Notice
We may change the terms of this Notice, and the changes will apply to all information we have about you. The new Notice will be available upon request and on our website www.sanfordhealth.org.
Effective Date
This Notice of Privacy Practices is effective December 1, 2022.
Notice of Organized Health Care Arrangement for Sanford Health
Sanford Health, its component hospitals, the independent contractor members of the medical staff at those facilities, and other health care providers affiliated with Sanford Health have agreed, as permitted by law, to share your health information among themselves for the purposes of treatment, payment, or health care operations. This allows us to better address your health care needs in a clinically integrated setting. This notice is being provided to you as a supplement to this Notice of Privacy Practices.
Beneficiary Education Notice for Protecting Your Information on Mobile Apps
Patients and insurance plan members can use mobile apps to access their health information. It’s important to take an active role in protecting your health information. Knowing what to look for when choosing an app can help you make an informed decision.
Look for an easy-to-read privacy policy that clearly explains how the app will use your data. Do not use an app until you have reviewed the privacy policy.
Some things you should also consider:
- What company created this app? Companies that do not provide health care or health insurance may not be required to follow federal privacy rules. Does the app’s privacy policy talk about the Health Insurance Portability and Accountability Act (HIPAA) or other laws the company must follow?
- What health data will this app collect? Will this app collect other data from your device, such as your location?
- Will your data be stored without a way for others to identify you?
- How will this app use your data?
- Will this app give your data to third parties?
- Will this app sell your data for any reason, such as advertising or research?
- Will this app share your data for any reason? If so, with whom? For what purpose?
- How can you limit this app’s use and disclosure of your data?
- What security measures does this app use to protect your data?
- What impact could sharing your data with this app have on others, such as your family members?
- How can you access your data and change it if it is incorrect?
- Does this app have a process for collecting and responding to user complaints?
- If you no longer want to use this app, or if you no longer want this app to have access to your health information, how can you stop the app’s access to your data?
- What is the app’s policy for deleting your data once you stop access? Do you have to do more than just delete the app from your device?
- How does this app let users know of changes that could affect its privacy practices?
If the app’s privacy policy does not clearly answer these questions, rethink using the app to access your health information. Health information is very sensitive. Be careful to choose apps with strong privacy and security standards.
What should a member consider if part of an enrollment group?
Some health plan members may be part of an enrollment group where they share the same health plan as other members of their tax household. This is more common with members who are covered by Qualified Health Plans (QHPs) on Federally-facilitated Exchanges (FFEs). Often, the primary policyholder and other members can access information for all members of an enrollment group unless a request is made to restrict access to member data. Members should be told how their data will be accessed and used if they are part of an enrollment group. This access and use is based on the enrollment group policies of their health plan in the state where they live.
Members who share a tax household but who do not want to share an enrollment group have the option of enrolling each household member into separate enrollment groups. This can even be done while applying for exchange coverage and financial assistance on the same application. But, this may cause higher premiums for the household and some members. For example, dependent minors may not be able to enroll in all QHPs in a service area if using their own enrollment group. It may also cause higher total out-of-pocket expenses if each member has to meet a separate annual limit on cost-sharing, such as your out-of-pocket maximum.
What are my rights under HIPAA, and who must follow HIPAA?
The U.S. Department of Health & Human Services (HHS) Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security and Breach Notification Rules and the Patient Safety Act and Rule.
Learn more about member rights under HIPAA and who must follow HIPAA.
Download a HIPAA FAQ from HHS.
Are third-party apps covered by HIPAA?
Most third-party apps are not covered by HIPAA. Instead, these apps are often controlled by the Federal Trade Commission (FTC) and the protections of the FTC Act. The FTC Act, among other things, protects against dishonest acts. For example, it would protect against an app sharing personal data without permission, even though there is a privacy policy that says it will not do so.
Read more from the FTC about mobile app privacy and security.
What should you do if you think someone has gained access to your data or an app has used your data in a way it should not have?
If you have a complaint about how Sanford Health has used or disclosed your data, please contact us:
Sanford Patient Relations
PO Box 5039
Sioux Falls, SD 57117
Sanford Health Compliance Hotline
(800) 325-9402
Learn more about filing a complaint with the OCR under HIPAA.
Individuals can file a complaint with OCR using the OCR complaint portal.
Individuals can file a complaint with the FTC using the FTC complaint assistant.