Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW HEALTH AND FINANCIAL INFORMATION ABOUT YOU MAY BE USED AND SHARED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Our responsibilities
At Physician Partners of Western Pennsylvania (“PPWPA”), we value your privacy. When it comes to managing your information, we are required to maintain the privacy and security of your health and financial information and to provide you with notice of your rights and our duties to keep your information safe and confidential.
In the normal course of doing business, we collect and receive information as necessary to deliver treatment and care-related services. The information we collect is called Protected Health Information (“PHI”). PHI is health and financial information that identifies you, or could be used to identify you, and was created or received by a health care provider, a health plan, a health care clearinghouse, or a vendor performing activities on behalf of one of these organizations, and is related to one of the following:
- Your past, present, or future physical or mental health or condition;
- Providing you with health care; and,
- The past, present, or future payment for providing you with health care.
This Notice of Privacy Practices (“Notice”) describes our privacy practices, which include how we use, disclose (share), collect, manage, and protect your PHI. This Notice applies to all electronic and paper records we create, obtain, or maintain about you as a patient, as well as all forms of communication (oral, written, and electronic) of this information.
Who will follow this Notice
The privacy practices described in this Notice will be followed by PPWPA. As a Clinically Integrated Network (“CIN”), PPWPA and its participating providers may share your PHI for your treatment and for health care operations of our joint activities, where permissible and appropriate.
How we protect your privacy
We understand the importance of protecting the confidentiality of your information. We restrict access to your PHI to those who need to know the information to provide health products and services. We maintain physical, electronic, and procedural safeguards that comply with state and federal regulations to protect your information against unauthorized use, access, and disclosure. We will let you know promptly if a breach occurs that may have compromised the privacy or security of your PHI.
Understanding your health record and information
Each time you visit a hospital, physician, or other healthcare provider seeking clinical services, a record of your visit is made. This record contains, among other things, your symptoms, examination, test results, diagnoses, and treatment. This information, often referred to as your health or medical record, serves as a:
- basis for planning your care and treatment;
- means of communication among the many health professionals who contribute to your care;
- legal document describing the care you received;
- means by which you or a third-party payer can verify that services billed were actually provided;
- tool in educating health professionals;
- potential source of data for medical research;
- source of information for public health and health oversight purposes/activities; and
- tool with which we can assess and continually work to improve the care we render, the outcomes we achieve, and the cost of your care.
How we use and share your PHI
We use and share PHI we collect only as necessary to deliver products and services to patients, to operate the CIN, or to comply with legal requirements. For example, we may use your PHI internally to manage your health, submit claims, or audit our operations. We share PHI with our affiliated companies and non-affiliated third parties, as permitted by law, who assist us in administering our programs, coordinating care, and delivering products and services to our patients. We may also share PHI with other third-party service providers that cooperate with us to jointly promote or administer health products or services. Our contracts with all such service providers require them to protect the confidentiality of our patients’ information.
Please be advised that once information is shared with a third party other than a health care provider, health plan, or other person subject to federal privacy laws – for example, if you fill out an authorization form directing us to share your PHI with a life insurance carrier – the information may no longer be subject to privacy and security protections, and the recipient may use or share that information for other purposes.
Uses of PHI without your authorization.
- Help manage the health care you receive: To manage the health care you receive, we can use your PHI and share it with health care professionals that are treating you. For example, a doctor treating you for a broken leg may need to know if you have diabetes because diabetes may slow the healing process.
- Bill for your services: We may use and share your PHI to bill and receive payment from health plans or other entities for the services delivered to you. For example, we may give information about you to your insurance plan so it can pay for your services.
- Run our business: We may use and share your PHI to operate the CIN, improve your care, and contact you when necessary. For example, we use information about you to develop and enhance products and services offered to our patients, and we may share your information among our subsidiaries and affiliated entities for purposes permitted by applicable law.
We may collect, use, and share your information in other ways without your authorization. We must meet certain conditions in the law before we can share your information for these purposes. The following are some examples.
- As required by law: We may share your PHI if federal or state law requires the use or disclosure. For example, we must share your PHI with the U.S. Department of Health and Human Services if they want to see that we are following federal privacy laws.
- Help with public health and safety issues: We can share your PHI for certain situations such as:
  - Preventing or controlling disease, injury, or disability;
  - Reporting abuse, neglect, or domestic violence;
  - Helping with product recalls;
  - Reporting adverse reactions to medications;
  - Preventing or reducing a serious threat to anyone’s health or safety.
- Respond to lawsuits and legal actions: We may share your PHI in response to certain legal requests. For example, we may share your PHI in response to a court order, administrative order, or subpoena that complies with applicable law.
- Respond to requests from coroners, medical examiners, funeral directors, and organ donation agencies: We may share PHI with a coroner or medical examiner to identify deceased persons and the cause of death. If necessary, we will share PHI with funeral directors. Further, we may share PHI with organizations that handle organ, eye, or tissue donation and transplantation.
- Do research: We can use or share your information for health research purposes, subject to certain criteria.
- Address workers’ compensation, law enforcement, health oversight activities, and other government requests: We can use or share your PHI when needed:
  - For workers’ compensation claims;
  - For law enforcement purposes or with a law enforcement official;
  - With health oversight agencies for activities authorized by law;
  - For special government functions such as military, national security, and presidential protective services.
- Business Associates: We may contract with outside entities that perform business services for us that may require them to use or access your PHI. These entities are called business associates. We will have a written contract in place with the business associate requiring protection of the privacy and security of your health information.
- Health Information Exchange (HIE): We may participate in certain Health Information Exchanges (HIEs), which may be an opt-in or opt-out model. An HIE is a secure electronic data sharing network which allows us to share health information electronically with healthcare entities, such as insurers, health systems, hospitals, and physicians participating in your care for the purposes of treatment, payment, and healthcare operations. The health information we may share includes your medical history, diagnosis, notes, test results, current medications, allergies, immunizations, and other vital information needed for your care. All providers who participate in an HIE have agreed to privacy and security rules to protect your health information from unauthorized access, use, or disclosure.
You cannot choose to have only certain providers access your information. If you do not want your health information to be accessed through an HIE, you may choose not to participate or “opt-out” where applicable. Even if you opt-out, this will not prevent your health information from being shared in other ways as authorized or allowed by law for purposes such as managing your health care or payment of services you received, or administering our business.
- If you are an inmate of a correctional institution, we may share your PHI with the correctional institution to provide you with health care, or to protect your health and safety or the health and safety of others.
Uses of PHI that require your authorization. Sometimes we are required to obtain your written authorization for the use and disclosure of your PHI. For example, we would need your authorization:
- To use your PHI for certain marketing purposes;
- To sell your information;
- To share your substance use disorder counseling notes; and
- To share your psychotherapy notes.
Withdrawal. We will not use or share your information other than as described in this Notice, or as permitted or required by applicable law, unless you tell us we can in writing. You may change your mind at any time by letting us know in writing. Any change or withdrawal of authorization will be effective for future uses and disclosures of PHI. It will not impact use of information or disclosures that we have already made while your previous authorization was in effect.
Compliance with State and Federal laws. We are required to comply with federal and state laws when they offer greater privacy protection for certain types of PHI. Where such laws apply, we will follow the stricter laws related to the use and sharing of sensitive PHI, such as:
- Genetic information;
- HIV/AIDS testing, diagnosis, or treatment;
- Venereal or communicable disease testing, diagnosis, or treatment;
- Alcohol or drug abuse prevention, treatment and referral;
- Psychotherapy notes.
Your choices
For certain health information, you can tell us your choices about what we share. We may use and share your information in the situations described below, but you have the right to limit or object to sharing information for these reasons.
- Under certain circumstances, we may share your PHI with your family or close friends that you have identified as being involved in your health care or payment for your health care, unless you tell us not to do so. If you are unable to provide us permission, then we may provide the information we determine is in your best interest based on our professional judgment.
- We may share your information in a disaster relief situation.
Your individual rights
When it comes to your health information, you have certain rights. The following is a description of those rights. Any request must be in writing and signed by you or your authorized representative. You can obtain more information, or submit your request in writing, by using the contact listed at the end of this Notice.
- Get a copy of your medical record: You can ask to review or receive copies of your medical and billing records that we have about you in a designated record set. We will provide a copy or summary of your health information. We may charge a reasonable cost-based fee.
- Get a list of those with whom we have shared information: You can ask for a list (an “accounting”) of the times we have shared your PHI that are for reasons other than treatment, payment, health care operations, or those which you authorized. You may request the date range you want to review; however, this is limited to 6 years before the date of your request.
- Ask us to limit what we use or share: You can ask us not to use or share certain health information about you for treatment, payment, or our operations. We are not required to agree to your request, and we may say “no” if it is not consistent with the law, our policies, or our business operations. If you pay for a health care service out-of-pocket in full at the time of the encounter, you can ask us not to share information about that service with your health insurer. We will not share details of that health encounter, unless a law requires us to share that information.
- Request confidential communications: You can ask us to contact you in a specific way, or at a different address, if you believe that sharing your PHI could place you in danger. For example, you may ask that we contact you only at your work address or your work email.
- Ask us to correct or amend your medical record: You can ask us to correct or amend your health information if you believe it is incorrect or incomplete. Your request must explain why you believe the information needs to be corrected. We may say “no” to your request, but we will tell you why in writing.
- Choose someone to act for you: If you have given someone medical power of attorney or if someone is your legal guardian or other authorized representative, that person can exercise your rights and make choices about your health information. We will make sure the person has this authority and can act for you before we take any action.
- Get a paper copy of this Notice: You can ask for a paper copy of this Notice, even if you have agreed to receive the Notice electronically.
Changes to the terms of this Notice
On an ongoing basis, it may become necessary to revise the terms of this Notice. Any changes will apply to all information we have about you. If the Notice significantly changes, the new Notice will be available upon request and on our website.
Complaints
If you want more information about our privacy practices or are concerned that we may have violated your privacy rights, you can complain to us using the following contact information:
Privacy Operations
120 Fifth Avenue Place, Suite 2114
Pittsburgh, PA 15222
Toll free: 1.800.985.2050
HighmarkHealthPrivacy@highmarkhealth.org
You may also file a complaint with the U.S. Department of Health and Human Services by using the following contact information:
U.S. Department of Health and Human Services
Office for Civil Rights
200 Independence Avenue, S.W.
Washington D.C. 20201
Toll free: 1.877.696.6775
www.hhs.gov/ocr/privacy/hipaa/complaints
We support your right to protect the privacy of your PHI. We will not retaliate in any way if you choose to file a complaint with us or with the U.S. Department of Health and Human Services.
Effective date
We must follow the privacy practices described in this Notice while it is in effect. This Notice is revised and effective as of April 2, 2026 and will remain in effect unless we replace it.