Hudson Regional Hospital (HRH) is committed to protecting the privacy and confidentiality of health information about its patients and HRH proprietary information. Protected health information is strictly confidential and should never be given, nor confirmed to anyone who is not authorized under HRH policies or applicable law to receive this information.
The Information Security Policies, Standards, and Procedures document Hudson Regional Hospital (HRH) intentions and staff responsibilities regarding information confidentiality, privacy, and security. Additionally, the Information Security Policies, Standards, and Procedures serve as a foundation for departmental information security policies, standards, and procedures.
The scope of HRH’s information security program is to protect electronic Protected Health Information (ePHI), whether it be created, received, maintained, or transmitted by HRH, from accidental or intentional modification, destruction, and inappropriate use or disclosure. This includes but is not limited to, information recorded electronically on tape, disk, and other memory device or printed; Information will be protected throughout its life cycle (origination, entry, processing, distribution, storage, and disposal).
Data security is an important consideration for everyone who uses confidential or proprietary information. HRH has a legal and ethical obligation to preserve the confidentiality of its data, and the privacy of its patients, staff, and business partners. Once the information is transmitted through our website, it is kept in secure databases and is not available to other users on the Internet.
HRH’s information security program consists of written policies, standards, safeguards, training, technical and procedural controls, risk assessment, auditing and monitoring, and assigned security responsibility to the Information Security Officer (ISO) responsible for the development and implementation of the policies and procedures required by Federal Law.
Policies, Standards, and Procedure Development
HRH’s Information Security Policies, Standards, and Procedures are reviewed by the ISO in collaboration with Administrative Staff, Corporate Compliance Officer, Department Heads, Information Services Department and Health Information Services Department to:
Develop and implement information security policies, standards, and procedures which are compatible with operational and business requirements of HRH, and develop mechanisms for enforcing and monitoring compliance with information security policies, standards, and procedures, and to develop and implement security awareness training programs.
HRH does not sell, lease or provide your personal information to any third party unrelated to HRH, unless otherwise stated at the time of the collection of your information except in situations where we must provide information for legal purposes or if directed and authorized by a patient. Additionally, we reserve the right to report to law enforcement agencies any activities that we reasonably believe to be unlawful in conduct.
We do however reserve the right to use your e-mail address to contact you about administrative matters such as confirming changes to personal information that has been previously provided by you and/or to send you requested information.
Limitation of Liability
You assume the total risk of conveying all your information as it relates to the use of this site, and for any malicious data alterations, invasions, deliberate interceptions and/or unpermitted access to personal data by any outside party other than HRH. We use reasonable care to protect your personally identifiable and confidential information provided by you to our site. Our Hospital has in place a security program that seeks to mitigate this risk substantially. However, in no event shall HRH be liable for any type of damages, including penalties, and fines in connection with your use of resources posted on this website or in connection with or from this website to any other website. We do not guarantee or warrant that information submitted through our website will be protected against misuse and/or changes by unknown third parties.
Violations by HRH Staff
Members of HRH staff and medical staff and contractors /vendors /consultants /volunteers who violate this policy will be subject to disciplinary action up to and including termination of employment or contract with HRH. Anyone who knows or has reason to believe that another person has violated this policy should report the matter promptly to his or her departmental management or the HRH Information Security Office. All reported matters will be investigated, and, where appropriate, steps will be taken to remedy the situation. Where possible, HRH will make every effort to handle the reported matter confidentially.
Any attempt to retaliate against a person for reporting a violation of this policy will itself be considered a violation of this policy that may result in disciplinary action up to and including termination of employment or contract with HRH. Validated violations will be reported to the Compliance and Internal Audit Departments along with the corrective action taken.
If this is a medical emergency, please call 911 to get urgent medical attention. Do not rely on assistance via electronic communications if this is a critical medical matter. This website is not designed to facilitate health emergencies. HRH does not guarantee an immediate response if you choose to use this site in the event of a medical emergency.
By Using This Website, You Accept These Terms.
The use of HRH’s website represents your acceptance of an agreement to be subject to the standards and guidelines of this site’s policies. If you do not agree to these terms and conditions, please depart from the HRH website immediately.
If you have questions or comments about this policy, please contact your departmental management or the HRH ISO immediately at InfoSecOfficer@HudsonRegionalHospital.com. It is important that all questions be resolved as soon as possible to ensure protected health information and HRH proprietary information is used and disclosed appropriately.